Big internet names are vulnerable to a hacker technique despite more than 18 months' worth of warnings, claims a security expert. Security watcher Dave deVitry, of Infigon Technologies, released a shortlist of high-profile sites he claims are still vulnerable to Cross Site Scripting including Citibank, Google, CNet, Oracle, MSNBC and eBay, complete with samples. And yes, some of them do show signs of the vulnerability.. . .
Big internet names are vulnerable to a hacker technique despite more than 18 months' worth of warnings, claims a security expert. Security watcher Dave deVitry, of Infigon Technologies, released a shortlist of high-profile sites he claims are still vulnerable to Cross Site Scripting including Citibank, Google, CNet, Oracle, MSNBC and eBay, complete with samples. And yes, some of them do show signs of the vulnerability.

More than 18 months since the Computer Emergency Response Team (CERT) issued an alert on Cross Site Scripting, a user to run their own scripts on vulnerable sites, as well as steal cookies, perform actions on behalf of another user or modify content on a site.

The link for this article located at vnunet is no longer available.