Re: cross site exploits

[Lincoln Yeoh <lyeoh () POP JARING MY>]

At 12:47 AM 12/16/00 +0100, Bluefish (P.Magnusson) wrote:
> CSS, Cross Site Scripting, isn't really a vulnerability, it is merely one
> of the most avanced form of social engineering. As it relies on the users
> to click on 'malformed' links you supply by email or something, merely

Users don't usually have to click. For example attackers can use img src or
frame src. Or good old javascript if enabled.

HTTP-Referer can help, but less so if the attacks can be placed on your site.

I've been looking for other ways to prevent these attacks any decent
suggestions welcome.

Cheerio,
Link.