Feeds

back to article Innocent surfers drafted into ZOMBIE ARMY by sneaky XSS vuln

Visitors to a video distribution website were unwittingly turned into participants in a hacker's DDoS battle against a third-party site earlier this month. DDoS mitigation firm Incapsula identified the video website as Sohu.TV, after the Chinese streaming site plugged a vuln that enabled the browser-based botnet attack to happen …

COMMENTS

This topic is closed for new posts.
Silver badge

Bah!

"Search-fox". That has a nice ring to it. Why can't anyone in the Western IT World come up with something similar?

0
0
Anonymous Coward

Your comparison is quite wrong

"the size of the attack is modest in the current era of gigabit-sized crapfloods"

your comparing layer 7 DDoS to layer 3-4 DDoS, that's like comparing a sniper rifle to a shotgun.

22,000 request per second for layer 7 is HUGE.

2
0
Bronze badge

Re: Your comparison is quite wrong

And conversely, why is what appears to be a bog-standard Persistent XSS exploit newsworthy (in itself, and not for the DDoS volume)? Persistent XSS is in the OWASP Top Ten - it's hardly a novel or little-known technique.

0
0

Re: Your comparison is quite wrong

It's not "A Persistent XSS" it's "A Persistent XSS in Alexa #27"!

you don't see the difference?

How many people in the world have HIV?

How many US Senators have HIV?

do you see the difference now?

0
0
This topic is closed for new posts.