Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:Ugh (Score 1) 156

by Jerome H (#40186609) Attached to: The Cost of Crappy Security In Software Infrastructure

XSS is still a systemic error, not strictly coding. Why? Because it's code injection. If the browser was sandboxed, then the code couldn't do anything. Now, fi your bank was hit or your browser is sandboxed per instance, not tab, then you could lose your bank info to an attack, again, a high level design issue, not a coding issue.

Well even if the browser is sandboxed what would it change? The malicious code comes from the URL (either per mail or linking) and is displayed back to the user without any sanitizing, how is this not an coding error ?

Old programmers never die, they just branch to a new address.

Working...