Web Security



There was a cross-site scripting vulnerability in an eBay domain that could have allowed an attacker to steal users’ session cookies and take over their accounts. The company has removed the vulnerable page, according to the researcher who discovered the bug and disclosed it to eBay, Aditya Sood. The vulnerability existed on an eBay subdomain, […]

After more than a year of legal wrangling, the federal government has agreed to hand over its policy on vulnerability use and disclosure. The government had said that the policy was classified and too sensitive to release, but relented late last week and sent the document to the EFF, albeit a heavily redacted version. Know as […]