So, what is XSS? Cross Site Scripting (XSS) is said to occur when a web site collects malicious data from a user. The attacker adds the malicious code to a form or link. Usually the code is encoded in HEX or another encoding method. To a normal user, the link or form appears normal and part of the web site. When the user accesses these links, data about the user is collected. Along with this, the code creates output that looks genuine. For example, an Orkut user would have received JavaScript that can be executed through the Orkut scrap box. The script gives interesting output that looks harmless, but it is easy for the attacker to hijack my session and use it.
XSS can be in the form of JavaScript, VBScript, ActiveX, HTML, or Flash. Using XSS, an attacker can hijack accounts, manipulate user settings, steal or poison cookies, and also do false advertising. This attack can occur even on a secured site. The lock on your browser does not mean that you are secure from XSS!
So what do we do? As a common user, here are a few things that you can do to prevent an XSS attack:
- Always follow links from the main website. For example, if you see a link on site Y to a news article on site X, it is better to open site X and use its menu or search feature to get the news or article.
- Think twice before you click on ads placed on lesser-known web sites. If an ad interests you, google it and view the site!
- Be careful when opening your emails, their attachments, etc.
- Keep internet security at a high level in your browser.
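
The post notes that the code hidden in a link is usually HEX-encoded so the link looks normal. As an added example (not part of the original post), the function below decodes a link's query parameters, including double encoding and numeric HTML entities, and reports any value that turns into script markup. The pattern list, function names and sample links are assumptions constructed for illustration.

```javascript
// Added example: the patterns are an illustrative, non-exhaustive assumption.
const SUSPICIOUS = [
  { name: "script tag", re: /<\s*script\b/i },
  { name: "event handler attribute", re: /<[^>]*\son\w+\s*=/i },
  { name: "javascript: URL", re: /javascript\s*:/i },
  { name: "embedded frame or object", re: /<\s*(iframe|object|embed)\b/i },
];

// Turn numeric HTML entities (&#x3C; or &#60;) back into characters.
function decodeEntities(text) {
  const toChar = (code) => (code <= 0x10ffff ? String.fromCodePoint(code) : "");
  return text
    .replace(/&#x([0-9a-f]{1,6});?/gi, (_, hex) => toChar(parseInt(hex, 16)))
    .replace(/&#(\d{1,7});?/g, (_, dec) => toChar(parseInt(dec, 10)));
}

// Undo percent (hex) encoding and entities repeatedly, so double encoding
// such as %253C is unwrapped too; stop once the text no longer changes.
function fullyDecode(value, maxRounds = 5) {
  let current = value;
  for (let round = 0; round < maxRounds; round++) {
    let next = current;
    try { next = decodeURIComponent(current); } catch (err) { /* malformed %xx */ }
    next = decodeEntities(next);
    if (next === current) break;
    current = next;
  }
  return current;
}

// Report every query parameter whose decoded value looks like script.
function inspectLink(link) {
  const findings = [];
  // URL.searchParams has already done one round of percent-decoding.
  for (const [param, value] of new URL(link).searchParams) {
    const decoded = fullyDecode(value);
    for (const { name, re } of SUSPICIOUS) {
      if (re.test(decoded)) findings.push({ param, decoded, reason: name });
    }
  }
  return findings;
}

// Constructed sample links; example.test is a placeholder host.
const SAMPLES = {
  plain: "http://example.test/news?id=42&title=Budget%20update",
  hex: "http://example.test/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E&page=2",
  doubleHex: "http://example.test/search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E",
  entity: "http://example.test/search?q=%26%23x3C%3Bscript%26%23x3E%3B",
};
```

Calling `inspectLink(SAMPLES.hex)` returns one finding for the `q` parameter, while `SAMPLES.plain` returns none.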