Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Security

Submission + - Facebook.com Users Vulnerable

An anonymous reader writes: You may remember the MySpace worm that automatically infected profiles by using cross-site scripting. Facebook users are vulnerable to a similar exploit, which could be used to compromise accounts or force users to post messages, join groups, etc. A demonstration of the exploit is included.
Security

Submission + - Digg.com Accounts Compromised

An anonymous reader writes: There is a cross-site scripting vulnerbility on the registration page of popular social networking site Digg.com. The hole allows cookies and sessions of logged-in users to be hijacked, compromising the account. The exploit can be triggered simply by a user clicking a maliciously-crafted link. A full explanation and sample exploit code is available here
Security

Submission + - Campaign Sites Full of Vulnerabilities

An anonymous reader writes: Bloggers have been buzzing about the new wave of "Web 2.0" campaign sites, but it seems that a lot of presidential candidates haven't bothered to protect themselves from cross-site scripting attacks. A blogger has found a collection of XSS vulnerabilities including the websites of Barack Obama, Joe Biden, John Edwards, Mitt Romney, John Cox, Newt Gingrich, Tom Tancredo, the Democratic National Committee, and even a surprise from Whitehouse.gov. Some of the holes are low-risk, but others would allow a user's accounts on the affected website to be compromised. A victim would simply have to click on a maliciously crafted link that appears to lead to the candidate's site.

Slashdot Top Deals

% "Every morning, I get up and look through the 'Forbes' list of the richest people in America. If I'm not there, I go to work" -- Robert Orben

Working...