It has been a few months since I’ve posted anything. No excuse other than the usual lame one that I’ve been really busy. It’s true but still …
Today’s SANS NewsBites issue discussed Cross-Site Scripting issues with Gmail and Adobe Acrobat. The flaw with Adobe Acrobat Reader 6.x and 7.x has received a lot of press this week. Symantec’s Security Response Weblog said, “The ease in which this weakness can be exploited is ‘breathtaking’.” This flaw could allow attackers to cause malicious code to execute on vulnerable systems. The easiest fix is to upgrade to Adobe Acrobat Reader 8.0. There are workarounds, including:
- disabling displaying PDF documents in the web browser
The discussion of the Gmail XSS issue included a link to an excellent paper by Jeremiah Grossman: Cross-Site Scripting Worms and Viruses. This is likely one of the better descriptions and explanations of Cross-Site Scripting.