So, what is XSS? Cross Site Scripting (XSS) is said to occur when a web site collects malicious data from a user. The attacker adds the malicious code to a form or link. Usually the code is encoded in HEX or another encoding method. To a normal user, the link or form appears normal and part of the web site. On accessing these links, data about the user is collected. Along with this, the code creates output that looks genuine. For example, Orkut users would have received JavaScript that can be executed through the Orkut scrap box. The script gives interesting output that looks harmless, but it is easy for the attacker to hijack my session and use it.
So what do we do? As a common user, here are a few things that you can do to prevent an XSS attack:
- Always follow links from the main website. For example, if you see a link to a news article from site X on site Y, it is better to open site X and use its menu or search feature to find the news or article.
- Think twice before you click on ads placed on lesser-known web sites. If an ad interests you, google it and view the site!
- Be careful when opening your emails and their attachments.
- Keep internet security at a high level in your browser.
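To see what a HEX-encoded link like the ones described above actually carries, the following added example (not part of the original post) decodes a link's parameters repeatedly and flags script-like content. The names `inspectLink`, `fullyDecode` and `MARKERS`, the marker list and the sample links are assumptions made for illustration.

```javascript
// Added example: show what a percent-encoded (hex) link really carries.
// MARKERS is an illustrative heuristic (assumption), not a complete XSS filter.
const MARKERS = [
  /<\s*script/i,                 // script tag
  /javascript\s*:/i,             // javascript: URL
  /\bon\w+\s*=/i,                // inline event handler such as onerror=
  /<\s*(img|svg|iframe)\b/i,     // tags commonly used to carry handlers
];

// Percent-decode repeatedly, since a value can be encoded more than once.
function fullyDecode(value, maxRounds = 5) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (err) {
      break;                     // malformed escape: keep the last good form
    }
    if (next === current) break; // nothing left to decode
    current = next;
  }
  return current;
}

// Return the query parameters (and fragment) whose decoded text looks like script.
function inspectLink(link) {
  const url = new URL(link);
  const parts = [...url.searchParams.entries()]; // already decoded once
  if (url.hash) parts.push(['#fragment', url.hash.slice(1)]);
  const findings = [];
  for (const [name, value] of parts) {
    const decoded = fullyDecode(value);
    if (MARKERS.some((re) => re.test(decoded))) findings.push({ name, decoded });
  }
  return findings;
}

// Constructed sample links; site-x.example is a placeholder host.
const SAMPLES = [
  'https://site-x.example/news?id=42&topic=security',
  'https://site-x.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E',
  'https://site-x.example/go?next=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E',
];
for (const link of SAMPLES) {
  console.log(link, '=>', JSON.stringify(inspectLink(link)));
}
```

The first link comes back with no findings, while the other two decode to markup that the encoded form hides from a casual reader.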