Innocent surfers drafted into ZOMBIE ARMY by sneaky XSS vuln

Visitors to a video distribution website were unwittingly turned into participants in a hacker's DDoS battle against a third-party site earlier this month. DDoS mitigation firm Incapsula identified the video website as Sohu.TV, after the Chinese streaming site plugged a vuln that enabled the browser-based botnet attack to …

COMMENTS

This topic is closed for new posts.
  1. Stevie

    Bah!

    "Search-fox". That has a nice ring to it. Why can't anyone in the Western IT World come up with something similar?

  2. Anonymous Coward

    Your comparison is quite wrong

    "the size of the attack is modest in the current era of gigabit-sized crapfloods"

    You're comparing layer 7 DDoS to layer 3-4 DDoS; that's like comparing a sniper rifle to a shotgun.

    22,000 requests per second for layer 7 is HUGE.

    1. Michael Wojcik Silver badge

      Re: Your comparison is quite wrong

      And conversely, why is what appears to be a bog-standard Persistent XSS exploit newsworthy (in itself, and not for the DDoS volume)? Persistent XSS is in the OWASP Top Ten - it's hardly a novel or little-known technique.

      1. MarkoZ

        Re: Your comparison is quite wrong

        It's not "A Persistent XSS", it's "A Persistent XSS in Alexa #27"!

        You don't see the difference?

        How many people in the world have HIV?

        How many US Senators have HIV?

        Do you see the difference now?
