Google Auctions XSS Proof of Concept

Note: Google has now fixed the vulnerability. After a recent article by the folks at NeoSmart.net (http://neosmart.net/blog/archives/194), which seemingly downplayed the severity and danger posed by XSS (cross-site scripting), I thought it pertinent to help elucidate just how powerful XSS can be. The vast majority of XSS proof-of-concepts are limited to simple JavaScript alerts. When visiting an XSS-injected URL, you see a pop-up that warns you of the vulnerability. This is substantial enough for professionals to understand the severity of the injection, but to the average web user it seems no more dangerous than any other pop-up they encounter. The truth is, however, that XSS is an extremely powerful method through which a criminal can rely on the trust a user...

▷▷ Arrows Showing in Google Results

Want to know how to put arrows next to your title in your Google results? Leave it to the spammers to find special characters that get through to Google's search results page. Currently, the ▷ is showing as arrows in Google’s SERPs. You can see this by searching for cheap phentermine. While previously it was possible to get arrows to show up for listings in MSN, this is the first example I have seen on Google. SEOs (search engine optimizers) can use arrows to draw attention to listings and increase click-through rates. I am sure that Google will fix this soon enough.

Amazon.com banned by Google

In an amazingly ridiculous action, Google has banned the internet staple, Amazon.com. This has got to be another caching bug that has been plaguing Google’s datacenters for the last several weeks. Good work, Google! We discussed this issue thoroughly in the http://www.thegooglecache.com/?p=29 post on Google’s caching problems. While the site:amazon.com command continues to work, the direct referral search of amazon.com or www.amazon.com fails. This is of particular interest considering a large number of surfers place the URL directly into the Google search toolbar when trying to access a page....

Why XSS Vulnerabilities Do Matter…

“What matters in the end is that these products aren’t “defective” and not even truly insecure. They’ve been modified the way the language allows for them to be modified, no more no less.” – http://neosmart.net/blog/archives/194

I really like to temper my posts with politeness and general levels of respect, but I simply cannot in this case. Neosmart.com’s objections that XSS really is not a vulnerability are both ludicrous and dangerous. First, the insinuation above that states “they have been modified the way the language allows for them to be modified” is true, but is certainly not an accurate measure of vulnerability. Any language can be exploited if...

Spammer Vigilante

So check this out. Some guy at http://www.spam-blocker-resource.com caught a spammer using his Wi-Fi and tracked the guy down. Now he is looking for suggestions on what to do to him or his property. Has it really come to this? That people are so violently in support of their right not to be comment-spammed that they would resort to such vigilante actions?