Boo at NSA
It is a general misconception that NSA involvement made Windows Vista more secure. NSA may certainly know stuff about cryptography but they are only humans. Thus, when it came to security, they suck like everybody else. Here is a cross-site script (XSS) vulnerability at the NSA web site for a sample:
http://www.nsa.gov/notices/notic00004.cfm?Address="%20onmouseover="alert('boo')
(go to ACCEPT link at the bottom of page)
See, a plain input validation is not something that NSA great at. Do not take it for granted then.
Subscribe to RSS feed