Verizon’s 2009 Data Breach Investigation Report
Reading time: 1 – 2 minutes
Verizon’s annual data breach investigation report came out last week, and I finally had a chance to read through it. I read others security bloggers synopsis of it but none of them seemed to point out anything that was interesting to me.
Here is the interesting bit that I found: Verizon actually recorded someone using XSS as an attack vector.
Typically, it is very difficult to find anything on-line that points to people using XSS maliciously. Most of the time, XSS is used to increase page views (recent Mikeyy worm) or for popularity (Sammy Worm).
We, the security community, now have some type of hard evidence to explain how XSS could potentially be an issue for companies. Is this enough to bring awareness to management?
Related posts:
