Why am I not surprised, nor am I getting worked up about it...?
I mean, c'mon, people...after all, what _are_ the first four letters in "Twitter"...?
Micro-blogging site Twitter suffers from a potentially devastating vulnerability that forces logged-in users to post messages of an attacker's choice simply by clicking on a link. It could be used to spawn a self-replicating worm. The XSS, or cross-site scripting, error was discovered by Secure Sciences Corp researchers Lance …
Please don't dismiss XSS as a trivial non-event. If you're a bank (are there still any banks?) it's pretty serious. Even if you just require a logon before letting customers download your PDF brochures, you may still be revealing their passwords - and if they use the same passwords for other apps, like 90% of users ...
At the very least you make your organisation look incompetent - the commercial cost of that only you can decide. And where there's an XSS vulnerability, can SQL Injection be far behind?
@DanG: "boarder routers", I think I'll use this alternative spelling from now on.
<insert obligatory "arr-harr, stand by me buckos" comment here>
AC: You seem to think I'm talking about toy operating systems ... I mean, seriously, A/V software? WTF? My exact methodology is unimportant. It works. Many other sysadmins do similar. Yes, it could loosely be called "IDS". Using proxies to get around the blocks is a firing offense, even though the attempt would probably be unsuccessful. Remember, these are WORK machines, not toys at home.
Chris: It was late. Mea culpa :-)
David: Most people don't understand that company computers belong to the shareholders, not the workers using the machines ...
""A Twitter representative has yet to return our email."
Because email is _so_ Web-1.0"
THAT, my friends, is one of the problems with the Web2.0 crowd. They have absolutely no concept of the history & inner workings of teh intratubes. As a hint to the AC, I was sending and receiving "email" back in the late 70s. From home. Long before the Web existed. For our current standard's roots, metacrawler RFC 821, published in 1982.
We had instant messaging in the late '70s, too. metacrawler "talk +UNIX" ... Kids these days!
Biting the hand that feeds IT © 1998–2019