I apologize in advance for the computer-related post. Security researcher Brian Mastenbrook uncovered a cross-site scripting vulnerability in Ruby on Rails and quickly had injected JavaScript code running in Twitter.

"One surprise I discovered during the process was that IE8 includes a Cross Site Scripting filter which effectively blocked this attack. I'm very impressed with the effort that Microsoft's taken to mitigate one of the most common web application security issues. Every other browser vendor needs to add this functionality _yesterday_."

http://arstechnica.com/security/news/2009/09/ruby-on-rails-vulnerability-affects-twitter-ie8-immune.ars
http://brian.mastenbrook.net/display/36

*************************************************************************
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*************************************************************************
