Uhmmm, will you guys understand if I start writing about XSS ??? If you understand, good; if you don't, great, as it tells me that you have so many other things in your life to worry about than mere security on a web site. But, in order to understand what I'm writing here, you have to know a little about XSS - Cross Site Scripting.

XSS, in simple terms, is a computer security vulnerability found in web applications which allows code injection by bad guys: input supplied by a user (a search term, for example) is echoed back into the page without being encoded, so the browser treats it as markup or script instead of text. Such bugs can be exploited to craft powerful phishing attacks, including stealing credentials.
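To make "code injection" concrete, here is an added example (my own illustration, not code from the original post or from either site mentioned) of the reflected-search pattern behind this class of bug. It assumes a page that echoes the user's search term back into its HTML; the sample query and the function names are constructed for the demonstration. The unsafe renderer splices the term in raw, the safe one HTML-escapes it first, so the browser shows the same characters as plain text.

```javascript
// Added example (not from the original post): a reflected search term echoed
// raw into HTML versus the same term HTML-escaped first.

// Constructed sample input: what a user might type into a search box.
const SAMPLE_QUERY = '<b>shoes</b> & "boots"';

// Escape the five characters that carry meaning inside HTML text and
// attribute values. Everything else (including non-ASCII such as the
// vulgar fraction one half) is passed through unchanged.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the query is spliced into the page as markup, so any
// tag the user typed becomes part of the document.
function renderSearchResultsUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened pattern: the query is escaped at the point where it is inserted
// into HTML, so the browser renders it as literal text.
function renderSearchResultsSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Demonstration check (hypothetical helper): does the rendered HTML contain
// any tag other than the template's own <p> ... </p>? If so, user input
// was interpreted as markup.
function containsUserTag(html) {
  return /<(?!\/?p>)[a-z]/i.test(html);
}

// Stand-alone run: compare the two renderings for the constructed query.
console.log('unsafe:', renderSearchResultsUnsafe(SAMPLE_QUERY));
console.log('safe:  ', renderSearchResultsSafe(SAMPLE_QUERY));
console.log('unsafe leaks a user tag:', containsUserTag(renderSearchResultsUnsafe(SAMPLE_QUERY)));
console.log('safe leaks a user tag:  ', containsUserTag(renderSearchResultsSafe(SAMPLE_QUERY)));
```

The fix lives on the server (or wherever the HTML is assembled), which is why a browser add-on like NoScript is a second line of defence for the visitor rather than a cure for the site: escaping has to be applied for the context the value lands in (here HTML text; a JavaScript string or a URL attribute needs its own encoding).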

Why am I writing about this ? Yesterday, I found a couple of XSSes in two big Indian web sites: Rediff and MouthShut. I've reported the vulnerability to MouthShut, but not to rediff (Sorry rediff, I hate you). The screenshot below is the XSS in MouthShut. If they've fixed it, you can see it here.

As I hate rediff, and I didn't report to rediff, I don't want to post about rediff's XSS. But you can see that rediff is STUPID by giving some weird chars (hint : Vulgar fraction for ½ brained rediff) as input in its search box.

So, how do you escape from such kinds of attacks ??? See my last post. Fire up your Firefox with NoScript. It saves you from the bad guys of this world.