http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=224700547 By Tim Wilson DarkReading May 03, 2010 You would think that of all people, the developers of the UK's Cybersecurity Challenge website would be the most scrupulous about finding security vulnerabilities before they happen. But according to researchers, cross-site scripting (XSS) flaws happen to them, too. According to a report on the Netcraft security site, an XSS vulnerability already has been uncovered on the Cyber Security Challenge UK website, before the site has even been made ready for candidates to register. The Cybersecurity Challenge was established by a management consortium of key figures in cyber security, and is designed to test the mettle of security professionals. The simple coding error was demonstrated a short while ago by James Wheare, according to the report. Wheare told Netcraft that he was prompted to look for the hole after reading a friend's tweet, and noticed insufficient encoding in the page's tags. [...] _______________________________________________ Best Selling Security Books and More! Shop InfoSec News http://www.shopinfosecnews.org/Received on Mon May 03 2010 - 22:44:50 PDT
This archive was generated by hypermail 2.2.0 : Mon May 03 2010 - 22:54:49 PDT