Notes
The Samy Worm “I’ll never get caught. I’m Popular.” – http://namb.la/popular/
Cross-site Scripting (Web Security Threat Classification) – http://www.webappsec.org/projects/threat/classes/cross-site_scripting.shtml
Teen uses worm to boost ratings on MySpace.com, Computerworld, October 17, 2005 – http://www.computerworld.com/securitytopics/security/holes/story/0,10801,105484,00.html
Do Online Banks Facilitate Fraud?, TheMotleyFool.com, December 8, 2004 – http://www.fool.com/News/mft/2004/mft04120810.htm
Phishing with Superbait, Silicon Valley Chapter (San Jose), April, 2005 – http://www.whitehatsec.com/presentations/phishing_superbait.pdf
Content Restrictions – http://www.gerv.net/security/content-restrictions/
A phishing wolf in sheep’s clothing, ZDNet, March 14, 2005 – http://news.zdnet.com/2100-1009_22-5616419.html
The Cross Site Scripting FAQ – http://www.cgisecurity.com/articles/xss-faq.shtml
XSS cheat sheet – http://ha.ckers.org/xss.html
Ajax: A New Approach to Web Applications, Jesse James Garrett, February 18, 2005 – http://www.adaptivepath.com/publications/essays/archives/000385.php
XMLHttpRequest, XUL Planet – http://www.xulplanet.com/references/objref/XMLHttpRequest.html
Cross-Site Scripting Worm Hits MySpace, BetaNews, October 13, 2005 – http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391
Samy’s cancelled MySpace profile – http://www.myspace.com/33934660
Technical explanation of the MySpace worm – http://namb.la/popular/tech.html
CAIDA Analysis of Code-Red – http://www.caida.org/analysis/security/code-red/
Code-Red: a case study on the spread and victims of an Internet worm – http://www.caida.org/outreach/papers/2002/codered/codered.pdf
SQL slammer (computer worm) – http://en.wikipedia.org/wiki/SQLSlammer
The Spread of the Sapphire/Slammer Worm – http://www.cs.berkeley.edu/~nweaver/sapphire/
Slammed!, Wired, July 2003 – http://www.wired.com/wired/archive/11.07/slammer.html
Viruses and Worms: What Can We Do About Them?, Testimony of Richard D. Pethia, September 10, 2003 – http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/
Yahoo Attack Exposes Web Weakness, BBC News, February 9, 2000 – http://news.bbc.co.uk/1/hi/sci/tech/635444.stm
Post to BugTraq by Elias Levy, February 11, 200 – http://www.sdnp.undp.org/rc/forums/tech/sdnptech/msg02563.html
Xanga Hit By Script Worm – http://blogs.securiteam.com/index.php/archives/166
Account Hijackings Force LiveJournal Changes – http://blogs.washingtonpost.com/securityfix/2006/01/account_hijacki.html
NoScript Firefox extension – https://addons.mozilla.org/extensions/moreinfo.php?id=722&application=firefox
Netcraft Toolbar – http://toolbar.netcraft.com/
Security Corner: Cross-Site Request Forgeries, December, 2004 – http://shiflett.org/articles/security-corner-dec2004
The CAPTCHA Project, Telling Humans and Computers Apart – http://www.captcha.net/
Mitigating Cross-site Scripting With HTTP-only Cookies – http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp
Web Security Threat Classification – http://www.webappsec.org/projects/threat/
Web Application Firewall Evaluation Criteria (WAFEC) – http://www.webappsec.org/projects/wafec/