Cross-site scripting attacks are hitting major websites, including MySpace, YouTube, and even venerable oldies like MSN, Dell, and Apple.
XSS attacks were long a tool of cute little script kiddies who malformed sites for the joy of their cute little friends. As a result, some still question how big the threat really is.
Just when you get complacent, someone is going to figure out how to make money from a vulnerability. Then shit hits the fan, and a bunch of overpriced consultants run in to save the day while someone’s multi-million a year ecommerce site flails, frames displaying Winnie-the-Pooh notwithstanding.
XSS, welcome to the corporate world.