Cross-Site Scripting

It has been a few months since I’ve posted anything. No excuse other than the usual lame one that I’ve been really busy. It’s true but still …

Today’s SANS NewsBites issue discussed Cross-Site Scripting issues with Gmail and Adobe Acrobat. The flaw with Adobe Acrobat Reader 6.x and 7.x has received a lot of press this week. Symantec’s Security Response Weblog said, “The ease in which this weakness can be exploited is ‘breathtaking’.” This flaw could allow attackers to cause malicious code to execute on vulnerable systems. The easiest fix is to upgrade to Adobe Acrobat Reader 8.0. There are workarounds, including:

  • disabling the display of PDF documents in the web browser
  • disabling JavaScript
  • filtering JavaScript in URLs.

The discussion of the Gmail XSS issue included a link to an excellent paper by Jeremiah Grossman: Cross-Site Scripting Worms and Viruses. This is likely one of the better descriptions and explanations of Cross-Site Scripting.

Steve Mullen has been involved in information technology for over 35 years. He is also actively involved in the music program (voice and English hand bells) and Vestry of St. Anne’s Episcopal Church in Damascus, MD.

Posted in Adobe, Blog, Security

January 2007