
Cross-site Scripting

Just like the email worms you learned about in Chapter 4, “Using Email Clients for Good and Evil: Guarding Against Script-based Viruses and Worms,” Web-based email applications can be compromised with scripting attacks. These attacks differ from most attacks against Web-based email applications in that they target other users rather than the server. The intent is not to break into the database, but to gain information from other users that can be used to access their accounts, gain additional privileges, or impersonate the victim.

Case Study 9-2

Brian opened an email in his Web-based email client. The contents indicated that it was a test email and should be deleted. Brian didn't think much of it and simply clicked the Delete button.

A couple of weeks later, Brian got a strange phone call from a friend who wanted to know why Brian was mad at him. Brian asked him what he was talking about. His friend mentioned the hateful email he had received from Brian. After hearing the email's contents, Brian told his friend that he hadn't sent it. Brian wondered if his email account had been compromised.


