Press Release
Release Date:
April 15, 2008
Cyveillance Offers Best Practices on Cross-Site Scripting Protection
White Paper Outlines the Definition, Illustration and Prevention of
Hard to Detect Phishing Attacks
ARLINGTON , Va. , April 15, 2008 -- Cyveillance, the world leader in cyber intelligence , today announced the availability of its “Phishing Using Cross-Site Scripting: Definition, Illustration and Prevention” white paper. Recently brought to light in USA Today, the Web page vulnerability known as cross-site scripting (XSS) is used by criminals to facilitate fraud and commit identity theft through unprotected, legitimate Web sites. Cyveillance’s white paper addresses the many questions and concerns regarding this threat and provides easy steps an enterprise can perform in-house to mitigate risk. Additionally, Cyveillance has developed an accompanying best practices video, which is available along with the white paper at http://www.cyveillance.com/xss/.
“While conceptually similar to ‘traditional’ phishing attacks that present a spoofed login or input screen, XSS attacks are particularly dangerous because they occur only in the user’s browser while visiting a legitimate Web site,” said Panos Anastassiadis, CEO and Chairman of Cyveillance. “For that reason, traditional phishing defenses such as heuristic tools and URL blacklists are of little use since legitimate Web sites are normally listed as ‘trusted’ sites. Fortunately, XSS attacks are easy to prevent or mitigate with the use of established and freely available Web server security best practices.”
XSS is a security vulnerability that allows the injection of programming code by malicious third parties into legitimate Web pages. This type of attack presents a serious risk by allowing phishers or fraudsters to launch an attack against companies without directly targeting or gaining access to the real Web site or constructing a counterfeit site. Specifically, the use of XSS allows unsuspecting Web visitors to see forms, input and send data, or be exposed to malicious downloads and other content while viewing a legitimate Web site. For more information on this and other vulnerabilities Cyveillance protects against, please visit: http://www.cyveillance.com/web/solutions/.
About Cyveillance
Cyveillance, the world leader in cyber intelligence, provides an intelligence-led approach to security. Through continuous, comprehensive Internet monitoring and sophisticated intelligence analysis, Cyveillance proactively identifies and eliminates threats to information, infrastructure, individuals and their interactions, enabling its customers to preserve their reputation, revenues, and customer trust. Cyveillance serves the Global 2000 and OEM Data Partners – protecting the majority of the Fortune 50, regional financial institutions nationwide, and more than 30 million global consumers through its partnerships with security and service providers that include AOL and Microsoft. For more information, visit http://www.cyveillance.com.