Whose script is it, anyway?

A web site developer from Britain is showing how to insert script from one site that shows up on another within a single browser session, making the capture of all your interesting banking information oh, so easy.
Plus: It works in Microsoft Internet Explore orMozilla Firefox! Yippee skippee!
Cross-site scripting, or XSS (Yay! Another new term to drop at your next nerdparty!) is sometimes used in email links on unsuspecting and, let’s face it, dumb banking customers who receive a bogus message telling them, “golly, we’re your bank and all? But we’re going to totally delete you and all your money if you don’t click this and hurry come login for a non-specific but logical-sounding reason.” In this case, you would actually be at your bank’s website, but the redirect inserted some capturing script that would report your login info back to mean people, who suck.

This entry was posted in The Wonderful WWW. Bookmark the permalink.