Ten years after the Samy worm its discoverer's voice is lost in the din

It has been 10 years since Sydney security bod Wade Alcorn disclosed how cross-site scripting vulnerabilities could be weaponised, a revelation that would one week later see the proof of concept become the fastest-spreading worm ever. There is no direct link between Alcorn's disclosure and Samy Kamkar's eponymously named worm …

  1. Destroy All Monsters

    "Defence comes back to proper output encoding, and input validation."

    Amen brother and"; DELETE FROM TABLE COMMENTS WHERE USER LIKE '%'

    1. Michael Wojcik

      Argh. XSS and SQL injection are so very different.

      document.getElementById("body").value="pwned"; document.forms[0].submit();

      (I'd have enclosed that in script tags to make it look right, but that dumps me on some Cloudflare captcha page. So apparently Cloudflare are, in fact, doing some sort of input blacklisting for the Reg. Bah. Sanitize on input and generate output correctly. Don't filter - it's ugly and leads to a lousy user experience.)
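      The "generate output correctly, don't filter" point above, as an added example that is not part of this thread or of The Register's code (Node.js; the function names and the two sample comments are constructed for illustration):

```javascript
// Added example: context-aware output encoding versus an input blacklist.
// Node.js, no dependencies. Names and sample data are constructed.

// Encode a string for an HTML text node or a double-quoted attribute value.
// The five characters that can change HTML structure are replaced, so the
// browser renders the comment as text whatever it contains.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// A naive input blacklist of the kind the comment complains about: it strips
// a few tag names, silently damages legitimate text that merely talks about
// markup, and still leaves other structural characters (a bare '<') untouched.
function blacklistFilter(s) {
  return String(s).replace(/<\/?(script|img|iframe)[^>]*>/gi, '');
}

// Render a stored comment into an HTML fragment. Every untrusted value is
// encoded at the point of output, for the context it lands in.
function renderComment(author, body) {
  return `<div class="comment" data-author="${encodeHtml(author)}">` +
         `<p>${encodeHtml(body)}</p></div>`;
}

// Constructed sample comments: one benign post discussing markup, one
// carrying a script payload of the shape quoted in the thread.
const benign = 'Never echo <script> tags unencoded; also 1 < 2.';
const hostile = '<script>document.forms[0].submit()</script>';

module.exports = { encodeHtml, blacklistFilter, renderComment, benign, hostile };
```

      Encoding preserves the benign comment byte-for-byte once the browser decodes it, while the blacklist mangles it and still passes a raw `<` through.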

  2. Anonymous Coward

    BEEF is still the best though

    Delicious and tasty, especially medium-rare...
