Homepage
PR Newswire
06-08-2012, 01:22 PM
(06-08-2012, 12:41 PM)swakoo Wrote:(05-08-2012, 09:34 PM)KopiKat Wrote: I scanned my system, nothing detected.. I only had Facebook and this Forum opened when that pop-up came up everytime I was doing a preview earlier on....
Another possibility?
The beginning of the end of popup porn, Facebook worms and cross-site phishing?
Thx! May also not be FaceBook, extracts for cyclone to analyse as too 'chim' for me,
Websites which can be compromised through the insertion of malicious script tags are said to have a cross-site scripting (XSS) vulnerability. Carrying out such a compromise is an XSS exploit.
There are two main sorts of XSS exploit. First is the stored or persistent exploit. As the name suggests, unauthorised tags are permanently stored onto the victim's web server - for example, using a SQL injection hack to infect fields in the server's databases. Anyone visiting the site, even if they visit it directly, may be exposed to attack. (SophosLabs finds about 25,000 newly-infected web pages per day, so this sort of compromise is very common.)
More pernicious is the non-persistent or reflective exploit. This sort of exploit is usually much more difficult to detect and to remediate because the unauthorised tags never actually exist on the affected web server. This means that you cannnot search for them in files or databases. Reflective XSS attacks exploit poor input validation by the server, tricking the server into accepting malicious tags as input and then reflecting them blindly in the response sent back to the browser.
Luck & Fortune Favours those who are Prepared & Decisive when Opportunity Knocks
------------ 知己知彼 ,百战不殆 ;不知彼 ,不知己 ,每战必殆 ------------
------------ 知己知彼 ,百战不殆 ;不知彼 ,不知己 ,每战必殆 ------------
