Reply to post: Re: "Moore's (benign) proof-of-concept demo from Halifax Bank" is broken...

Sealed with an XSS: IT pros urge Lloyds Group to avoid web cross talk

Paul Moore

Re: "Moore's (benign) proof-of-concept demo from Halifax Bank" is broken...

It's not broken. The use of Google translate is crucial to this attack, as only code residing on Google's subdomain will execute.

(And 7 other Lloyds domains and 1 IBM wildcard)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021