XSS Crossover

Bitten by our own scoop yesterday, hackers showed us Dark Reading had the same XSS vulnerability we reported on

Dark Reading Staff, Dark Reading

September 22, 2006


5:20 PM -- The last thing any journalist wants to do is become part of the story. Or for that matter, make his or her publication part of the story.

I got the dubious distinction of doing both yesterday, albeit inadvertently. A few hours after posting Hackers Reveal Vulnerable Websites, the Dark Reading message board lit up with the bad news that the link to my story had the very same XSS flaw.

Ouch.

Sla.ckers had added Dark Reading to its wall of shame, which then included Dell, HP, MySpace, Photobucket, F5, and Acunetix. So I alerted our Web group, which quickly made the fixes (and apparently, a hacker friend or two along the way). No attacks, no problem.

We weren't the first pub to be listed on the site -- first it was PC World, then us and, as of today, MacWorld, Fox News, the Independent, SC Magazine, and ZDNet UK had been added to the list of vulnerable sites. (Friendly tip to my fellow tech journalists: Now is a good time to get to know your Website group if you don't already.)

So not only did we get the "scoop" on the XSS site problems, but we also got the message loud and clear: Don't assume you're immune to XSS vulnerabilities. They're everywhere. (See Cross-Site Scripting: Attackers' New Favorite Flaw.)

And just because you write about them doesn't mean the hackers will cut you any sla.ck.

— Kelly Jackson Higgins, Senior Editor, Dark Reading
