RE: mal blogs use, take #2

["Todd Towles" <toddtowles () brookshires com>]

It isn't going to stop for a long time I don't think XSS is everywhere
as you know...and these sites have almost no reason to "secure up".
These blogs and profile sites just want people to click on ads. Nothing
more..that is there money. They don't mind closing the site for hours at
a time...which Myspace does all the time.

You get a free profile, get to keep in touch with friends and we use you
to make money...I suggested SSL login to Myspace and I never heard
anything back. No surprise. They could just use a pre-sign cert..lol 

> -----Original Message-----
> From: Gadi Evron [mailto:ge () linuxbox org] 
> Sent: Thursday, January 05, 2006 1:50 PM
> To: Todd Towles
> Cc: Roland Dobbins; FunSec [List]
> Subject: Re: [funsec] mal blogs use, take #2
>
> Todd Towles wrote:
> > Sometimes very similar also happened on Xanga about a week 
> or two ago.
> > It is a XSS self-spreading script (worm). 
>
> So it is starting to gather speed... where it stops, nobody knows.
>
> Xanga: http://blogs.securiteam.com/index.php/archives/166
>
>       Gadi.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.