ATLANTA -- S.P.I. Dynamics, Inc. (http://www.spidynamics.com), the expert in Web application security, today announced that the company's renowned R&D team, SPI Labs, has discovered a technique to scan a network, fingerprint all the Web-enabled devices found, and send attacks or commands to those devices.
This technique can scan networks protected behind firewalls such as
uses parts of the standard that are almost ten years old. Accordingly, the
code can execute in nearly any Web browser on nearly any platform when a
exploiting any browser bug or vulnerability, there is no patch or defense
The code can be part of a Cross-Site Scripting (XSS) attack payload,
thereby increasing the potential damage caused by XSS. These
vulnerabilities are extremely common and large companies like MySpace.com
and Yahoo.com have had high-profile XSS attacks that affected millions of
users in the past year.
"Web application vulnerabilities, particularly cross-site scripting,
are most frequently viewed by security professionals as a nuisance.
However, SPI Labs has been closely tracking the escalating damage that
these vulnerabilities can cause as they become mainstream," said Billy
Hoffman, Lead Research Engineer, SPI Labs. "This potentially devastating
Scripting, demonstrates that these vulnerabilities should no longer be last
in line to be addressed. There is no such thing as a harmless XSS
S.P.I. Dynamics Inc.