+ - Are there any Gopher holes 1
Submitted
by
micheas
Submission Summary: 0 pending, 6 declined, 1 accepted (7 total, 14.29% accepted)
+ - Paypal XSS vulnerabilty Disclosed
Submitted
by
micheas
micheas writes "Netcraft is reporting that Harry Sintonen ,a Finnish Security researcher, has uncovered an XSS Vulnerability in Paypal.
While the article is a little light on news. They do have a screen shot with the following advice:
While SSL certificates do indeed provide a higher level of assurance when it comes to site ownership, they cannot guarantee that a site is free from other security problems — including cross-site scripting. There are concerns that hackers may exploit misunderstandings in the significance of the green address bar for their own benefit, piggybacking off the trust that is instilled by EV certificates. Users need to be aware that a green address bar does not guarantee the origin of a page's contents if there is a cross-site scripting vulnerability on that page.
Maybe the green and yellow bars should be replaced with the old locks with either green or yellow background on the locks?"
While the article is a little light on news. They do have a screen shot with the following advice:
While SSL certificates do indeed provide a higher level of assurance when it comes to site ownership, they cannot guarantee that a site is free from other security problems — including cross-site scripting. There are concerns that hackers may exploit misunderstandings in the significance of the green address bar for their own benefit, piggybacking off the trust that is instilled by EV certificates. Users need to be aware that a green address bar does not guarantee the origin of a page's contents if there is a cross-site scripting vulnerability on that page.
Maybe the green and yellow bars should be replaced with the old locks with either green or yellow background on the locks?"
+ - Lessig decides not to run for congress->
Submitted
by
micheas
micheas writes "Larry Lessig has decided that running for congress himself in a special election would be too risky to his change congress movement and has decided not too run.
The video on his blog explaining his decision."
Link to Original Source
The video on his blog explaining his decision."
Link to Original Source