Evolution of Web-based worms

Evolution of Web-based worms
Daniel Hanson, 2005-10-20

The Myspace Web worm used a simple vulnerability and XSS to propagate, and it might be a sign of things to come.

Evolution of Web-based worms 2005-10-21
assurbanipal

Ok, default-deny is better than default-permit.
But the real problem here is this: Why should I bother to filter HTML, which should supposedly serve *only* presentation purposes, and be aware of intricate security implications?
Who the hell devised Javascript in the way we know it now? THAT's the ...

[ more ] [ reply ]

Evolution of Web-based worms 2005-10-22
Angel (1 replies)

You quote Ranum but you don't cite him. Bad journalistic form :-/

http://www.ranum.com/security/computer_security/editorials/d
umb/

./4 n G3L/...

[ more ] [ reply ]

Re: Evolution of Web-based worms 2005-10-31
Author - DPH

Got overlooked in the posting to the website. Fixed now. No offense meant.

D...

[ more ] [ reply ]

Evolution of Web-based worms 2005-10-23
squeak

UBBCode, baby.

I personally cannot stand any site that lets users customize the look and feel of their page. I've developed more than a couple migraines from pages like that....

[ more ] [ reply ]

(D)Evolution of programming 2005-10-25
Alexey Vesnin

This case is quite illustrative, but not the only one. There are so many different cases with a single root of the problem - programmer's concern. what the key difference between Unix and Windows kernels and API's? Not in usability - some one-step actions in Windows you'll need to implement making 3...

[ more ] [ reply ]

extremely insightful 2005-10-31
Anonymous

This article is very insightful, as we approach a network border security endgame, look more and more to web based apps being the source of vulnerability and penetration. It's already alot easier to use a malicious activeX control to steal documents from a corporate network then it is to penetrate ...

[ more ] [ reply ]