[ISN] XSS Vulnerabilities Happen To Everybody

From: InfoSec News <alerts_at_private>
Date: Tue, 4 May 2010 00:44:50 -0500 (CDT)

By Tim Wilson
May 03, 2010 

You would think that of all people, the developers of the UK's 
Cybersecurity Challenge website would be the most scrupulous about 
finding security vulnerabilities before they happen. But according to 
researchers, cross-site scripting (XSS) flaws happen to them, too.

According to a report on the Netcraft security site, an XSS 
vulnerability already has been uncovered on the Cyber Security Challenge 
UK website, before the site has even been made ready for candidates to 

The Cybersecurity Challenge was established by a management consortium 
of key figures in cyber security, and is designed to test the mettle of 
security professionals.

The simple coding error was demonstrated a short while ago by James 
Wheare, according to the report. Wheare told Netcraft that he was 
prompted to look for the hole after reading a friend's tweet, and 
noticed insufficient encoding in the page's tags.


Best Selling Security Books and More!
Shop InfoSec News
Received on Mon May 03 2010 - 22:44:50 PDT

This archive was generated by hypermail 2.2.0 : Mon May 03 2010 - 22:54:49 PDT