A blog dedicated to information warfare, cyber security, information security, or whatever you choose to call it. Ethical hacking, vulnerability assessments, penetration testing, web application testing, and social engineering techniques may also be discussed.
Ed Skoudis gave a talk at Hack in the Box last year where he lamented how sad it was that SQL injection was still going on. I would like to add Cross Site Scripting to that lamentation today. I was logged into Twitter this morning and suddenly started seeing a similar "re-tweet." I jumped on the Google and saw several early write ups saying Twitter was getting pwned. Here is the tweet I got:
"onmouseover", you have got to be kidding me. I booted into a system I didn't care about and ran the cursor over the code; bang, I was retweeting. That's slick, no clicking involved. A successful stored XSS attack on a major site in 2010, awesome. Here's a quick write-up on XSS if you don't know how it works: http://en.wikipedia.org/wiki/Cross-site_scripting
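The bug class behind a mouseover payload like the one above is user text landing inside an HTML attribute without being encoded for that context. The following is an added example, not code from the original post and not the actual Twitter payload or fix: a toy tweet "autolinker" in a vulnerable and a hardened form, plus an attribute-aware check for the symptom. The sample tweet, the `example.invalid` host and all function names are constructed for illustration.

```javascript
// Added example (not from the original post). Illustrates the class of bug the
// post describes: user-supplied text inserted into an HTML attribute without
// attribute-context encoding, so a quote breaks out of href="..." and the rest
// of the token is parsed as further attributes, including event handlers.

// Minimal HTML encoder covering the characters that matter in text and
// double/single-quoted attribute contexts.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Matches a URL-ish token. Deliberately sloppy: it stops only at whitespace,
// so a double quote survives into the captured "URL".
const URL_TOKEN = /https?:\/\/\S+/g;

// VULNERABLE: the captured token is dropped into href="..." verbatim.
function naiveAutolink(tweet) {
  return tweet.replace(URL_TOKEN, (url) => `<a href="${url}">${url}</a>`);
}

// HARDENED: the token is encoded for the attribute (and text) context it is
// placed in, so a quote becomes &quot; and can no longer close the attribute.
function safeAutolink(tweet) {
  return tweet.replace(URL_TOKEN, (url) => {
    const enc = encodeHtml(url);
    return `<a href="${enc}">${enc}</a>`;
  });
}

// Attribute-aware check for the symptom: any attribute whose name starts with
// "on" inside a tag. Attributes are tokenized so quoted values are skipped
// whole, which is why an &quot;onmouseover= sequence inside a value does not
// trip it. Crude (assumes no '>' inside quoted values); meant as a regression
// check on rendered output, not as a defense.
function containsInlineHandler(html) {
  const tagRe = /<[a-zA-Z][^\s>\/]*([^>]*)>/g;
  const attrRe = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/g;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    attrRe.lastIndex = 0;
    let attr;
    while ((attr = attrRe.exec(tag[1])) !== null) {
      if (/^on/i.test(attr[1])) return true;
    }
  }
  return false;
}

// Constructed sample input (hypothetical, not the real worm payload): a quote
// terminates the href and smuggles in an onmouseover handler.
const SAMPLE = 'check this http://example.invalid/x"onmouseover="alert(1) out';

console.log('naive :', naiveAutolink(SAMPLE), '->', containsInlineHandler(naiveAutolink(SAMPLE)));
console.log('safe  :', safeAutolink(SAMPLE), '->', containsInlineHandler(safeAutolink(SAMPLE)));
```

Run it with Node: the naive output carries a live `onmouseover` attribute on the anchor, the hardened output carries only an `href` whose value happens to contain the encoded text. The point worth keeping from the example is that escaping must match the context the data is written into; encoding for text nodes alone does not protect an attribute value.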
To be clear, I am not currently job searching, that I know of, and this is just an observation. Over the past two or three weeks I have gotten about 10 job-related phone calls. These seem to come and go and I often wonder why so many happen at one time from different companies and different "recruiters." Two of the phone messages I got were barely intelligible as the caller was not proficient with English. Two were to work for the Department of Energy and I told the recruiters no thank you. The last was to head to Wilmington, Delaware, which I also declined. I realized I didn't know much about Wilmington so I read their web page: http://www.wilmingtonde.gov/ and also looked at the Wikipedia entry: http://en.wikipedia.org/wiki/Wilmington,_Delaware . The section on crime was a bit scary and the picture of the library was awesome.