XSS Crossover

5:20 PM -- The last thing any journalist wants to do is become part of the story. Or for that matter, make his or her publication part of the story.

I got the dubious distinction of doing both yesterday, albeit inadvertently. A few hours after posting Hackers Reveal Vulnerable Websites, the Dark Reading message board lit up with the bad news that the link to my story had the very same XSS flaw.

Ouch.

Sla.ckers had added Dark Reading to its wall of shame, which then included Dell, HP, MySpace, Photobucket, F5, and Acunetix. So I alerted our Web group, which quickly made the fixes (and apparently, a hacker friend or two along the way). No attacks, no problem.

We weren't the first pub to be listed on the site –- first it was PC World, then us and, as of today, MacWorld, Fox News, the Independent, SC Magazine, and ZDNet UK had been added to the list of vulnerable sites. (Friendly tip to my fellow tech journalists: Now is a good time to get to know your Website group if you don't already).

So not only did we get the "scoop" on the XSS site problems, but we also got the message loud and clear: Don't assume you're immune to XSS vulnerabilities. They're everywhere. (See Cross-Site Scripting: Attackers' New Favorite Flaw.)

And just because you write about them doesn't mean the hackers will cut you any sla.ck.

— Kelly Jackson Higgins, Senior Editor, Dark Reading