Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FYI: Cross-Site Scripting Worms and Viruses



> -----Original Message-----
> From: Jeremiah Grossman [mailto:jeremiah@xxxxxxxxxxxxxxx] 
> Sent: Wednesday, May 03, 2006 11:18 PM
> To: Web Security
> Subject: [WEB SECURITY] White Paper: Cross-Site Scripting Worms and Viruses
> 
> 
> The Cross-Site Scripting Worms and Viruses[1] white paper describes how
> "XSS outbreaks are capable of propagating faster and cleaner than
> even the most notorious worms such as Code Red, Slammer and
> Blaster." For comparison, the Samy Worm[2] that shut down MySpace
> last year controlled enough web browsers to possibly leverage
> "122 Gb/s of throughput and 1,000,000 HTTP requests per/sec", about
> 100x the resources of the massive DDoS attack[3] that knocked out Yahoo,
> Schwab, and Amazon.com in early 2000. Currently we are in the early
> stages of XSS malware exploration.
> 
> [1] http://www.whitehatsec.com/downloads/WHXSSThreats.pdf
> [2] http://namb.la/popular/
> [3] http://news.bbc.co.uk/1/hi/sci/tech/635444.stm
> 
> 
> Regards,
> 
> Jeremiah Grossman
> Founder and CTO
> WhiteHat Security, Inc.
> http://www.whitehatsec.com



 




Copyright © Lexa Software, 1996-2009.