Comments on: Facebook and XSS - a sample in action! :P http://cubist.cs.washington.edu/Security/2008/03/06/facebook-and-xss-a-sample-in-action-p/ Wed, 20 Aug 2008 16:47:08 +0000 http://wordpress.org/?v=2.5.1 By: joyleung http://cubist.cs.washington.edu/Security/2008/03/06/facebook-and-xss-a-sample-in-action-p/#comment-3621 joyleung Tue, 11 Mar 2008 06:43:11 +0000 http://cubist.cs.washington.edu/Security/2008/03/06/facebook-and-xss-a-sample-in-action-p/#comment-3621 It is somewhat frightening how easy it can be to look up working exploits for software on the internet. Especially if it is the first hit on google. Is it right for people to research into weaknesses (like breaking encryption) and post them openly on the internet? I just wonder if the damage done by posting flaws on the internet exceed the damage that would be done if the software company were contacted privately. It is somewhat frightening how easy it can be to look up working exploits for software on the internet. Especially if it is the first hit on google. Is it right for people to research into weaknesses (like breaking encryption) and post them openly on the internet? I just wonder if the damage done by posting flaws on the internet exceed the damage that would be done if the software company were contacted privately.

]]> By: felixctc http://cubist.cs.washington.edu/Security/2008/03/06/facebook-and-xss-a-sample-in-action-p/#comment-3457 felixctc Sat, 08 Mar 2008 21:53:22 +0000 http://cubist.cs.washington.edu/Security/2008/03/06/facebook-and-xss-a-sample-in-action-p/#comment-3457 To tie this to what we learned recently from a guest lecture, it also shows how important it is to take security into considerations during the design and implementation stage in a software development lifecycle. This way, attacks like this wouldn't be so easy to execute. Here's a link that talks a little more about hackers attacks on MySpace and facebook.: http://www.computing.co.uk/vnunet/news/2210932/buffer-overflow-hacks-target To tie this to what we learned recently from a guest lecture, it also shows how important it is to take security into considerations during the design and implementation stage in a software development lifecycle. This way, attacks like this wouldn’t be so easy to execute.

Here’s a link that talks a little more about hackers attacks on MySpace and facebook.:
http://www.computing.co.uk/vnunet/news/2210932/buffer-overflow-hacks-target

]]>