CGISecurity Logo

When XSS can cost you $10,000

"Did you hear the one about the hacker-free e-mail service that was so confident about its enhanced security measure that it offered up $10,000 to anyone who could hack into it?

It got hacked.

Here’s the part that’s really crazy, though. There was initially
some question as to whether or not the team of three hackers who got in
would be allowed to collect the $10,000 because – get this! – they may
not have followed the rules of the contest."

Read more: http://blogs.zdnet.com/BTL/?p=19318
XSS FAQ: http://www.cgisecurity.com/xss-faq.html