Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > Developer Center > Avoiding "injections" like what hit PayPal?

Avoiding "injections" like what hit PayPal?
Thread Tools
Love Calm Quiet
Mac Elite
Join Date: Mar 2001
Location: CO
Status: Offline
Reply With Quote
Jun 22, 2006, 03:17 AM
 
http://news.netcraft.com/archives/20...ity_theft.html

Pretty interesting story... but none of the details that would tell a young developer about what type of programming lapses might have been committed at a deep-pockets org like PP.

I *would* like to avoid them!

Anybody got any ideas what sort of languages/ designs that PP might have been using to get snookered so badly?
TOMBSTONE: "He's trashed his last preferences"
     
registered_user
Dedicated MacNNer
Join Date: Nov 2001
Location: Are Eye
Status: Offline
Reply With Quote
Jun 22, 2006, 04:02 AM
 
Javascript was the culprit

Here's wikipedia's take on XSS (the 'injection' method):

http://en.wikipedia.org/w/index.php?...site_scripting
54

mmm widget
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -5. The time now is 10:52 PM.
All contents of these forums © 1995-2011 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.7 © 2000-2011, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2