From Wikipedia, the free encyclopedia

Self-XSS (self cross-site scripting) is an attack, and a kind of vulnerability, used to gain control of victims' web accounts. In a Self-XSS attack, the victim runs malicious code in their own web browser, thus exposing personal information to the attacker.[1]


Overview

A Self-XSS attack warning on a browser's web developer console

Self-XSS operates by tricking users into copying and pasting malicious content into their browsers' web developer console.[1] Usually, the attacker posts a message claiming that by copying and running certain code, the user will be able to receive virtual rewards or hack a website. In fact, the code allows the attacker to hijack the victim's account.[2]

History and mitigation

In the past, a very similar attack took place, in which users were tricked into pasting malicious JavaScript into their address bar. When browser vendors stopped this by making it harder to run JavaScript from the address bar,[3][4] attackers started using Self-XSS in its current form. Web browser vendors and web sites have taken steps to mitigate this attack. Firefox[5] and Google Chrome[6] have both begun implementing safeguards to warn users about Self-XSS attacks. Facebook and others now display a warning message when users open the web developer console, and they link to pages explaining the attack in detail.[7][8]
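The address-bar safeguard described above, sketched as an added example (it is not code from any browser or from the original article). The function name `stripJavascriptScheme` and the sample pastes are assumptions, and the sketch goes slightly beyond the text by also handling letter case, embedded whitespace and repeated prefixes.

```javascript
// Added illustration: stripJavascriptScheme is a hypothetical helper, not a
// browser API. It treats text pasted or dropped into an address bar as
// untrusted and removes any leading "javascript:" scheme before it can run.

// URL parsing drops ASCII tab/newline anywhere in the input and skips leading
// control characters and spaces, so "java\tscript:" is the same scheme.
const IGNORED_IN_URL = /[\t\n\r]/g;
const LEADING_JUNK = /^[\u0000-\u0020]+/;
const SCHEME = /^javascript:/i;

function stripJavascriptScheme(pasted) {
  if (typeof pasted !== "string") return { text: "", stripped: 0 };
  // Normalise a copy for detection only; ordinary pastes are returned untouched.
  let rest = pasted.replace(IGNORED_IN_URL, "").replace(LEADING_JUNK, "");
  let stripped = 0;
  // Loop so a doubled prefix ("javascript:javascript:...") cannot survive one pass.
  while (SCHEME.test(rest)) {
    rest = rest.replace(SCHEME, "").replace(LEADING_JUNK, "");
    stripped += 1;
  }
  return stripped === 0 ? { text: pasted, stripped } : { text: rest, stripped };
}

// Constructed sample pastes (not taken from the article).
const samples = [
  "javascript:void(0)",
  "  JavaScript:javascript:void(0)",
  "java\tscript:\nvoid(0)",
  "https://example.com/?next=javascript:void(0)",
];
for (const s of samples) {
  const { text, stripped } = stripJavascriptScheme(s);
  console.log(JSON.stringify(s), "->", JSON.stringify(text), `(${stripped} removed)`);
}
```

A caller would place the returned `text` in the address bar and could use `stripped` to decide whether to show the user a warning.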

Etymology

The "self" part of the name comes from the fact that the user is attacking themselves. The "XSS" part of the name comes from the abbreviation for cross-site scripting, because both attacks result in malicious code running on a legitimate site. However, the attacks do not have much else in common, because XSS is an attack against the website itself (which users cannot protect themselves against, but which the site operator can fix by making the site more secure), whereas Self-XSS is a social engineering attack against the user (against which savvy users can protect themselves but which the site operator cannot prevent).[9]

References

  1. Scharr, Jill (July 28, 2014). "Facebook Scam Tricks Users Into Hacking Themselves". Tom's Guide US. Purch. Retrieved September 27, 2014.
  2. "Social Networking Security Threats". Sophos. n.d. Retrieved September 27, 2014.
  3. "Bug 656433 – Disallow javascript: and data: URLs entered into the location bar from inheriting the principal of the currently-loaded page". Bugzilla. Mozilla Foundation. May 11, 2011. Retrieved September 28, 2014.
  4. "Issue 82181: [Linux] Strip javascript: schema from pastes/drops to omnibox". Google Code. May 10, 2011. Retrieved September 28, 2014.
  5. "Bug 994134 – Warn first-time users on pasting code into the console". Bugzilla. Mozilla Foundation. April 9, 2014. Retrieved September 28, 2014.
  6. "Issue 345205: DevTools: Combat self-XSS". Google Code. May 10, 2011. Retrieved September 28, 2014.
  7. "What do Self-XSS scams look like?". Facebook Help. Facebook. July 11, 2014. Retrieved September 27, 2014.
  8. "What is Self-XSS?". Facebook Help. Facebook. July 15, 2014. Retrieved September 27, 2014.
  9. Ilascu, Ionut (July 28, 2014). "Hackers Trick Facebook Users into Self Cross-Site Scripting (XSS) Scam". Softpedia. SoftNews NET SRL. Retrieved September 27, 2014.

This page was last edited on 8 June 2024, at 13:06
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.