The Register® — Biting the hand that feeds IT

Facebook poked by XSS flaw

Anonymous Coward

Good news 

Unhappy

I tried every one of his PoCs, and even though I have facebook domains allowed in NoScript, it still spotted that they were XSS and blocked 'em.

FTW!

Suburban Inmate

I second that 

Thumb Up

Mozilla + NoScript and NoSquint (auto text size) = Bliss :-)

They're both "how did I live without them?!?" grade add-ons.

Jan Hargreaves

NoScript 

Heart

awesome add-on. does any more need to be said?

Bruno Girin

419 on LinkedIn 

Pirate

I received a 419 scam message on LinkedIn a few months ago. I notified LinkedIn of it and to their credit they replied within 24 hours saying that they would investigate and delete the user account if it was found to be fraudulent.

As for the NoScript add-on, I agree it's great but that doesn't excuse shoddy coding! Perharps El Reg could point Facebook to this page: http://www.owasp.org/index.php/Top_10_2007-A1 ?

Anonymous Coward

What about the look alike banners. 

Paris Hilton

While we are at it I'd like to point out (Facebook in particular from my experience) freely allow the look alike banners that contain the/or similar user interface as the rest of the site and word their banners as such that it appears as they are part of the intended interface function/application. But in fact lead you to an unwanted location outside of the Facebook.com domain.

This to me is 100% malicious and the sites apparent support for it is juts as malicious. No way anyone will convince me that is responsible advertising.

If someone has to trick a user to access their site then they are acting in a malicious manner. It's unacceptable and unforgivable.

- Paris because she would know better!