You're replying to a comment by John H.

July 18, 2008, 20:49

I've got two questions that might somewhat deflate the presentation:

#1. In the SQL injection 'union' attack (clever!), how did the attacker know the column names and types... inside job? Surely probing for that by an attacker would leave massive traces.

#2. In the XSS attack, surely the site would not announce itself as 'evil.org'... would the name be utterly shrouded, or would there be a placeholder name, and if so... what would Alice be aware of? Ah, the zero-size iframe... clever again.
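As an added illustration of the first question (this is not code from the original post or from the presentation it discusses): the reason a 'union' attack works at all is that the application splices user input into the SQL text, so the input can change the statement's structure. The parameterized version passes the value separately, and the same input is then just a string that matches no product. The schema, rows and the probe string below are constructed for the demonstration, using Python's standard sqlite3 module.

```python
import sqlite3


def make_db():
    # Constructed in-memory schema and sample rows (not from the page).
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price REAL);
        CREATE TABLE users (id INTEGER, login TEXT, pw_hash TEXT);
        INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.99);
        INSERT INTO users VALUES (1, 'alice', 'hash-of-alice-pw');
    """)
    return conn


def lookup_vulnerable(conn, name):
    # Deliberately vulnerable: the input becomes part of the SQL text,
    # so a quote in it ends the literal and the rest is parsed as SQL.
    sql = "SELECT id, name, price FROM products WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Parameterized: the statement is fixed and the value travels separately,
    # so the input can only ever be compared against the name column.
    sql = "SELECT id, name, price FROM products WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Constructed probe string containing SQL syntax, to show the difference.
UNION_PROBE = "x' UNION SELECT id, login, pw_hash FROM users --"


if __name__ == "__main__":
    conn = make_db()
    print("safe, normal input:     ", lookup_safe(conn, "widget"))
    print("safe, probe input:      ", lookup_safe(conn, UNION_PROBE))
    print("vulnerable, probe input:", lookup_vulnerable(conn, UNION_PROBE))
```

Note that the vulnerable lookup only returns rows from the other table when the column count and types line up with the original SELECT; any mismatch raises a database error, which is exactly the kind of trace the commenter has in mind and a useful thing to alert on in application logs. The parameterized lookup returns an empty result for the probe regardless.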
