Jeremiah Grossman: XSS Disclosure Drama

Thursday, September 28, 2006

XSS Disclosure Drama

Here's a quick link recap of the ongoing drama occurring on sla.ckers.org. Dozens and dozens of XSS issues are being disclosed in major websites, even in security companies (Acunetix, F5, ISC2, etc.). Acunetix and F5 say, we're not vulnerable! A couple security industry folk question the strategy of their response and offer they're own two cents worth of advice. The hackers strike back by identifying other XSS issues, this time with pictures of STALL0W3D!1. Acunetix says still no, must have been our honeypot.

Bottom line: Time to find and fix your XSS issues before you end up on the wall of shame, or worse.

1 comment:

Anonymous said...: Interesting to find F5 Website issue having their TrafficShield product positioned to eliminate the exact same issues.

2 cents.; September 29, 2006 at 1:00 PM

Post a Comment

BIO

Jeremiah Grossman brings 20+ years of experience in Computer Security and has become one of the most recognizable and world-renowned cybersecurity experts in the industry, coining several of the original hacking terms commonly used around the world today. Early in his career, Jeremiah was known as “The Hacker Yahoo” which led to his role as the company’s Information Security Officer. Jeremiah founded WhiteHat Security (now Synopsis), and served as Chief of Security Strategy for SentinelOne which was the highest-valued cybersecurity IPO in history. Most recently, Jeremiah was the founder & CEO of Bit Discovery, which was acquired by Tenable in 2022. He also serves as a company advisor and board member to several tech startups. In his spare time, Jeremiah does Brazilian Jiu-Jitsu and is passionate about classic cars. He recently opened Toybox, a luxury car club in Boise, Idaho.