This morning I spotted several blog posts mentioning that Twitter has been hit by yet another XSS worm.
There is no merit in discussing how this has been done and for what purposes, but this incident is yet more proof that the attack landscape is rapidly changing and moving towards web-enabled infrastructures and the client side. Sooner or later almost every website will be equipped with social capabilities (Google’s own OpenSocial and Friend Connect platforms), and then simple persistent XSS attacks will turn into quite nasty problems.
Time will tell!

View full post on GNUCITIZEN
Posted on 04 May 2010. Tags: even, Worms
For everyone reading this and wanting to have a look at the code like me: http://cxg.de/?id=DZcgpvEzIojaQwx