# Notes

1. The Samy Worm “I’ll never get caught. I’m Popular.” – [http://namb.la/popular/](http://namb.la/popular/)
2. Cross-site Scripting (Web Security Threat Classification) – [http://www.webappsec.org/projects/threat/classes/cross-site_scripting.shtml](http://www.webappsec.org/projects/threat/classes/cross-site_scripting.shtml)
3. Teen uses worm to boost ratings on MySpace.com, Computerworld, October 17, 2005 – [http://www.computerworld.com/securitytopics/security/holes/story/0,10801,105484,00.html](http://www.computerworld.com/securitytopics/security/holes/story/0%2C10801%2C105484%2C00.html)
4. Do Online Banks Facilitate Fraud?, TheMotleyFool.com, December 8, 2004 – [http://www.fool.com/News/mft/2004/mft04120810.htm](http://www.fool.com/News/mft/2004/mft04120810.htm)
5. Phishing with Superbait, Silicon Valley Chapter (San Jose), April, 2005 – [http://www.whitehatsec.com/presentations/phishing_superbait.pdf](http://www.whitehatsec.com/presentations/phishing_superbait.pdf)
6. Content Restrictions – [http://www.gerv.net/security/content-restrictions/](http://www.gerv.net/security/content-restrictions/)
7. A phishing wolf in sheep’s clothing, ZDNet, March 14, 2005 – [http://news.zdnet.com/2100-1009_22-5616419.html](http://news.zdnet.com/2100-1009_22-5616419.html)
8. The Cross Site Scripting FAQ – [http://www.cgisecurity.com/articles/xss-faq.shtml](http://www.cgisecurity.com/articles/xss-faq.shtml)
9. XSS cheat sheet – [http://ha.ckers.org/xss.html](http://ha.ckers.org/xss.html)
10. Ajax: A New Approach to Web Applications, Jesse James Garrett, February 18, 2005 – [http://www.adaptivepath.com/publications/essays/archives/000385.php](http://www.adaptivepath.com/publications/essays/archives/000385.php)
11. XMLHttpRequest, XUL Planet – [http://www.xulplanet.com/references/objref/XMLHttpRequest.html](http://www.xulplanet.com/references/objref/XMLHttpRequest.html)
12. Cross-Site Scripting Worm Hits MySpace, BetaNews, October 13, 2005 – [http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391](http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391)
13. Samy’s cancelled MySpace profile – [http://www.myspace.com/33934660](http://www.myspace.com/33934660)
14. Technical explanation of the MySpace worm – [http://namb.la/popular/tech.html](http://namb.la/popular/tech.html)
15. CAIDA Analysis of Code-Red – [http://www.caida.org/analysis/security/code-red/](http://www.caida.org/analysis/security/code-red/)
16. Code-Red: a case study on the spread and victims of an Internet worm – [http://www.caida.org/outreach/papers/2002/codered/codered.pdf](http://www.caida.org/outreach/papers/2002/codered/codered.pdf)
17. SQL slammer (computer worm) – [http://en.wikipedia.org/wiki/SQLSlammer](http://en.wikipedia.org/wiki/SQLSlammer)
18. The Spread of the Sapphire/Slammer Worm – [http://www.cs.berkeley.edu/~nweaver/sapphire/](http://www.cs.berkeley.edu/%7Enweaver/sapphire/)
19. Slammed!, Wired, July 2003 – [http://www.wired.com/wired/archive/11.07/slammer.html](http://www.wired.com/wired/archive/11.07/slammer.html)
20. Viruses and Worms: What Can We Do About Them?, Testimony of Richard D. Pethia, September 10, 2003 – [http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/](http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/)
21. Yahoo Attack Exposes Web Weakness, BBC News, February 9, 2000 – [http://news.bbc.co.uk/1/hi/sci/tech/635444.stm](http://news.bbc.co.uk/1/hi/sci/tech/635444.stm)
22. Post to BugTraq by Elias Levy, February 11, 200 – [http://www.sdnp.undp.org/rc/forums/tech/sdnptech/msg02563.html](http://www.sdnp.undp.org/rc/forums/tech/sdnptech/msg02563.html)
23. Xanga Hit By Script Worm – [http://blogs.securiteam.com/index.php/archives/166](http://blogs.securiteam.com/index.php/archives/166)
24. Account Hijackings Force LiveJournal Changes – [http://blogs.washingtonpost.com/securityfix/2006/01/account_hijacki.html](http://blogs.washingtonpost.com/securityfix/2006/01/account_hijacki.html)
25. NoScript Firefox extension – [https://addons.mozilla.org/extensions/moreinfo.php?id=722&application=firefox](https://addons.mozilla.org/extensions/moreinfo.php?id=722&application=firefox)
26. Netcraft Toolbar – [http://toolbar.netcraft.com/](http://toolbar.netcraft.com/)
27. Security Corner: Cross-Site Request Forgeries, December, 2004 – [http://shiflett.org/articles/security-corner-dec2004](http://shiflett.org/articles/security-corner-dec2004)
28. The CAPTCHA Project, Telling Humans and Computers Apart – [http://www.captcha.net/](http://www.captcha.net/)
29. Mitigating Cross-site Scripting With HTTP-only Cookies – [http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp](http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp)
30. Web Security Threat Classification – [http://www.webappsec.org/projects/threat/](http://www.webappsec.org/projects/threat/)
31. Web Application Firewall Evaluation Criteria (WAFEC) – [http://www.webappsec.org/projects/wafec/](http://www.webappsec.org/projects/wafec/)