Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

+ - Digg.com Accounts Compromised

Submitted by Anonymous Coward
An anonymous reader writes "There is a cross-site scripting vulnerbility on the registration page of popular social networking site Digg.com. The hole allows cookies and sessions of logged-in users to be hijacked, compromising the account. The exploit can be triggered simply by a user clicking a maliciously-crafted link. A full explanation and sample exploit code is available here"
Security

+ - Campaign Sites Full of Vulnerabilities

Submitted by Anonymous Coward
An anonymous reader writes "Bloggers have been buzzing about the new wave of "Web 2.0" campaign sites, but it seems that a lot of presidential candidates haven't bothered to protect themselves from cross-site scripting attacks. A blogger has found a collection of XSS vulnerabilities including the websites of Barack Obama, Joe Biden, John Edwards, Mitt Romney, John Cox, Newt Gingrich, Tom Tancredo, the Democratic National Committee, and even a surprise from Whitehouse.gov. Some of the holes are low-risk, but others would allow a user's accounts on the affected website to be compromised. A victim would simply have to click on a maliciously crafted link that appears to lead to the candidate's site."

Behind every great computer sits a skinny little geek.

Working...