Twitter XSS worm

An XSS worm has hit twitter this morning and appears to have affected hundreds of thousands of users. Sophos has a good technical writeup at http://www.sophos.com/blogs/gc/g/2010/09/21/twitter-onmouseover-security-flaw-widely-exploited/ ARSTechnica has some coverage about Magnus Holm, the author of the worm. http://arstechnica.com/security/news/2010/09/twitter-worms-spread-quickly-thanks-to-blatant-security-flaw.ars I'll update this post once a more accurate count of affected users is...

CGISecurity Turns 10!: Summary of the more interesting site posts throughout the years

To commemorate this site turning 10 I've created a list of my top 10 thought provoking/innovate posts that people who haven't been following this site may be unaware of. The Cross-site Scripting FAQ (2001) In 2001 someone informed me of this new threat involving the injection of HTML/Javascript into a site's response...

CGISecurity.com Turns 10!: A short appsec history of the last decade

Ten years ago today I started cgisecurity.com to fill a void in the application security space. At the time no other dedicated site existed, neither OWASP nor WASC had been created, and the www-mobile list was effectively the only place to discuss web related vulns and attacks . When I first started...

WASC Web Hacking Incident Database Semi-Annual Report for 2010

Fellow WASC officer Ryan Barnett has published an update to the Web Hacking Incident Database project. He sent the following to The Web Security List (a list which I operate) this morning. "Greetings everyone, I wanted to let you all know that we have released the new WHID report for 2010 -...
Looking for something else or having a hard time finding a story? We recently moved things around so please use the search bar on the right!