Worst Article Ever
I read the article that this story links to and spent the next few minutes laughing and yelling at my screen. The description of how the XSS works "by sending the user to a different site, that steals their session cookie", that is wrong! The 'other' site doesn't have access to your cookies!!
Then in the paragraph after the example they say that this approach is used in spam emails too! "A user is sent an email saying that their account has been compromised and they need to click a link fix it, but the link directs them to a different evil page." That isn't an XSS, that is phishing spam!
And where in the article does it suggest a fix? It doesn't. NW, did you actually read this article?