Fortify Has No Understanding Of the Problem ~ Miscellaneous Security

5.15.2009

Note to IT people. If you don't know about a subject, don't blog about it like you do.

Case in point, Fortify recently posted this blog entry about XSS (cross-site scripting).

Fortify states, "In short, XSS vulnerabilities can enable an attack to alter the price of an item displayed on a reputable website. At first glance this appears harmless since the attacker can't actually purchase the item at the modified price. However, by printing out the page showing the modified price and requesting a price match at a competing store, the attacker can leverage this technique to acquire goods at radically discounted prices"

WHAT?!?

Why doesn't the attacker just save the content of the website locally and then just modify it? This article is ridiculous and should discredit "mmadou", the author of the article, as a security expert. Ridiculous.