I saw a post this morning pointing to a fiction story over at Michael Daw’s website about how XSS can be used to steal national secrets. It’s based loosely on the concepts that Jeremiah built, and it references pdp (architect)’s paper on XSSing the Lan. Basically this is just a sensationalist outlook on what is possible, but it’s still an interesting narrative.
I’ve never been a fearmonger, but for the first time in my life I’ve found myself telling people, “I don’t know a company I couldn’t break into.” Every system I’ve found has vulnerabilities. There was something Bruce Schneier wrote a number of years back (and I’m paraphrasing here) that said that for every man-hour it takes to build security, it takes n+1 to break it. That is, if there are vibration mics in the ground, it will take exactly n+1 the time it took to place them and test them and get them working properly as it would to break in.