Comments on Jeremiah Grossman: Is testing for XSS illegal?

Anonymous, 2006-10-06T02:56:00-07:00:

What about phishing then?

Michael receives an email, the content (html) is: "click here to visit our fantastic website".

Michael doesn't know it, but the address under the link contains an XSS string.

When Michael clicks on the link, the 'fantastic website' is attacked.

Is Michael a criminal because he is ignorant about the situation?

Anonymous, 2006-09-29T01:40:00-07:00:

This is terribly generic. I would think non-persistent XSS would be difficult to hold up in court.

In this situation, would the computer used "to perform a function..deemed unauthorised" be the server software or the client software?

I would imagine this point could be argued... then again...

Anonymous, 2006-09-27T00:47:00-07:00:

Thanks for referencing me :)

Just for info sakes, if they are testing ANY website based in the UK, it is illegal.

The current Computer Misuse Act makes it an offense if the computer is made to perform a function and that function is deemed unauthorised by the owner of that computer.

Simply put: you enter an XSS and the owner doesn't like it, you're screwed.

And for the record, my "directory traversal" was actually using ../../ in the browser rather than the back button.