
What is Cross Site Scripting?

Though less common than in the past, cross-site scripting is still the most commonly reported web vulnerability and a threat to web users. Cross-site scripting attacks are used to steal information from your browser when you visit websites such as ecommerce stores, forums, and even your email account.

The insidious nature of cross-site scripting, or XSS, comes from how the attack occurs: the website you are visiting is itself used by hackers to attack its visitors. The malicious code that steals your data arrives as a simple link, an online form that you fill out, or simply by visiting an infected site.

XSS doesn't look suspicious to the naked eye because of the variety of methods available to present the malicious attack to users. Common XSS delivery types include:

• JavaScript
• VBScript
• ActiveX
• Flash
• Even HTML!

Each of these kinds of code is essential to building websites and performs numerous functions needed for a site to work properly. Attackers search for vulnerable websites and applications and use them to fool users into giving up confidential data. With XSS, everything from account hijacking, identity theft, and changing user settings to redirecting the browser to a different location or showing fraudulent content that appears to come from the website being visited is possible.

Attackers' favorite targets include message board posts, instant messages, and web chat software. Sometimes the unsuspecting user is not required to interact with any additional site or link; simply viewing the web page containing the malicious code can deliver the payload.

Cross-site scripting involves a hacker embedding malicious code into a webpage. They usually do this by using the comments feature of a webpage to insert a comment that contains a script. When a user visits the webpage, the script is executed and creates requests that can be mistaken for those of the legitimate webpage, in order to gather private data.

Some ways to protect yourself from cross-site scripting attacks are to follow only links from the main website that you wish to visit, and to avoid clicking on unsolicited links, even if they look innocent. For instance, if you come across a link that says it will redirect you to CNN's website, instead of clicking on that link, type CNN's URL into the browser and visit the website yourself. In addition, be sure to keep your plug-ins, such as Flash Player and Java, up to date.

XSS can be executed automatically when you open an email or email attachment, or when you read a guestbook or bulletin board post. If you plan on opening an email or reading a post on a public board from a person you don't know, BE CAREFUL. One of the best ways to protect yourself is to turn off JavaScript in your browser's settings. In Internet Explorer, set your security level to high.

It is tough to avoid XSS holes; they have plagued even the most credible websites. Some of the websites that have been affected include:

• FBI.gov
• CNN.com
• Time.com
• eBay.com
• Yahoo
• Apple
• Microsoft
• MySpace
• Wired.com


The author is a computer security professional with experience protecting small business and home networks. He also teaches the basics of computer network security at 365 Computer Security Training where he blogs regularly and creates video training and educational materials related to information security. Learn more at 365ComputerSecurityTraining.com [parked domain]

Copyright©2001-2017 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268