Photo: Patsy attack: An attacker (shown in red) can use cross-site scripting to force a user's computer (left) to attack another system (middle), just by visiting a seemingly innocent website (top). Credit: Ha.ckers.org
From Technology Review:
How websites can block code from unknown sources.
Sites that rely on user-created content can unwittingly be employed to attack their own users via JavaScript and other common forms of Web code. This security issue, known as cross-site scripting (XSS), can, for example, allow an attacker to access a victim's account and steal personal data.
Now the makers of the Firefox Web browser plan to adopt a strategy to help block the attacks. The technology, called Content Security Policy (CSP), will let a website's owner specify what Internet domains are allowed to host the scripts that run on its pages.
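An added illustration of the allowlist idea described above (not code from the article or from the Firefox developers): a simplified JavaScript check of whether a script URL is permitted by a policy. It assumes the `Content-Security-Policy` header with `script-src` and `default-src` directives as later standardized, which may differ from the syntax of the proposal reported here; all hostnames are constructed.

```javascript
// Added example: simplified evaluation of a CSP script allowlist.
// Supports 'self', '*', scheme sources ("https:") and host sources with an
// optional scheme and "*." wildcard. Nonces, hashes, paths and explicit ports
// in source expressions are not supported and never match (fail closed).

function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function matchesSource(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === pageOrigin;
  if (s === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(s);
  if (!m) return false; // 'none', keywords and anything unsupported match nothing
  const [, scheme, wildcard, host] = m;
  const pageScheme = new URL(pageOrigin).protocol;
  // Without a scheme, accept the page's own scheme or an upgrade to https.
  const schemeOk = scheme
    ? url.protocol === scheme + ':'
    : url.protocol === 'https:' || url.protocol === pageScheme;
  if (!schemeOk || url.port !== '') return false; // default port only
  // "*.example.test" matches subdomains but not example.test itself.
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

function scriptAllowed(header, pageUrl, scriptUrl) {
  const policy = parsePolicy(header);
  // script-src governs scripts; default-src is the fallback when it is absent.
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) return true; // no applicable directive, no restriction
  const url = new URL(scriptUrl, pageUrl); // resolves relative script URLs
  const origin = new URL(pageUrl).origin;
  return sources.some((s) => matchesSource(s, url, origin));
}

// Constructed sample: a forum that serves user content and allows scripts only
// from itself, one static host and one widget domain.
const SAMPLE_POLICY =
  "default-src 'none'; script-src 'self' https://static.example-cdn.test *.widgets.test";
const SAMPLE_PAGE = 'https://forum.example/thread/1';
```

With the sample policy, a script reference injected into a forum post that points at a host outside the list is refused by the browser even though the markup itself reached the page.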