AndyW
|
| posted on 9/1/12 at 09:32 PM |
|
|
cross site scripting? Whats that all about
Hi all,
Just recently I have been getting a message come up to the effect of "windows explorer has modified this page to prevent cross site
scripting"
Any one shed a light as to what on earth that means and why its happening all the time whilst browsing? Mainly on youtube but just got it whilst on
e-bay too?
Hope the flaming computer isnt on the way out.
Im running Norton 360 as apparently all is well?
|
|
|
|
|
david_hornet27
|
| posted on 9/1/12 at 09:38 PM |
|
|
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject
client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such
as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80.5% of all security vulnerabilities documented by
Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled
by the vulnerable site and the nature of any security mitigation implemented by the site's owner.
Not really sure what that means in english...
'If everything seems under control you're just not going fast enough' - Mario Andretti
|
|
|
big_wasa
|
| posted on 9/1/12 at 09:39 PM |
|
|
I am getting it to.
ps where is the start up vid
|
|
|
r1_pete
|
| posted on 9/1/12 at 09:43 PM |
|
|
Its basically a vulnerability in web apps whereby unsolicited content is loaded into your browser masquerading as the legitimate content you
requested.
Hackers look for holes in web apps to enable them to inject such content in order to gain sensitive data about yourself, some apps use it to watch
your browsing activity and target advertising at you.
|
|
|
ReMan
|
| posted on 9/1/12 at 10:24 PM |
|
|
I got it for the first time yesterday and got quite exited at a "New" message.
I don't even think i was on LCB at the time
I expect some update has changed something such that something that has always been happening unnoticed is now reported!
www.plusnine.co.uk
|
|
|
jossey
|
| posted on 10/1/12 at 10:10 AM |
|
|
try this.
(To turn off the XSS Filter)
a. Follow the menu path: Tools -> Internet Options
b. Select the Security Tab
c. Select Custom level
d. Scroll to the Bottom of the List.
e. Click Disable XSS Filter
Important: Internet Explorer 9 includes a cross-site scripting (XSS) filter that can detect these types of attacks. If vulnerabilities are found,
Internet Explorer disables the harmful scripts. The cross-site scripting filter is turned on by default to help protect you.
For more information you may refer the article provided below:
Cross-site scripting filter
http://windows.microsoft.com/en-US/internet-explorer/products/ie-9/features/cross-site-scripting-filter
[Edited on 10/1/12 by jossey]
Thanks
David Johnson
Building my tiger avon slowly but surely.
|
|
|
MattStorey
|
| posted on 12/1/12 at 08:43 AM |
|
|
Woah! Don't disable this stuff for an average home pc user.
XSS in laymans terms terms can allow viruses and malware to be installed.
Purely and simple if google was vulnerable to XSS it can allow an attacker to execute code from malicioussite.com when you access google.com.
The problem with most home users is that they run with administrative privelages so installing software or malicious code is simple and abused by
people.
Thanks, Matt
|
|
|
