Today, I spent my time on the Cyberstart program again. I advanced to Level 12, with a total of over 70,000 points. The most Web-attack relevant thing I learned today was about how to execute an XSS attack. XSS stands for Cross-Site Scripting, and it is a type of attack frequent on forums and other sites (such as the Physics server weblogs, in fact) that allow user-generated posts. A user embeds script in their post's HTML, which will be run on the computer of anyone who views the page if the post is not properly sanitized of executable content. This allows users to steal each others' session cookies, redirect links, and so on, using various types of malicious JavaScript. Next class, I will work on Level 12, which so far seems to involve more cryptography than other levels. Additionally, I noticed that the laser cutters are unpacked and partially set up. If there is an opportunity to help with that process, I would like to join in.
grayson_o
Comments