Working tracker... ?
Posted by devz3ro on August 30 2007 02:17:36

By devz3ro

Sorry for my absence - I've been working and partying a lot lately, thus a huge lack of updates. I am still alive though, if you were wondering or... care =).

Onto bigger and better things though. I mostly have an audience from the imeem player on myspace. It was a real small project from my perspective, and using scripts that I didn't even code to make it happen made it even smaller.

In my spare time I have read some XSS or cross-site scripting books. There is an XSS 'cheat-sheet' floating around the internet which I stumbled across as I was skimming through this book. I had an idea to combine 2 of the scripts on this cheat sheet (with a little input of my own) in a way that would allow scripts to be run on the current domain, communicating outside of the internal domain even if we aren't permitted to do so (what xss is =]). I passed along my theory to a friend that has more knowledge in this area than myself. He set up a temporary php/mysql server to see if he could use this 'obfuscated' code on current online networks - such as friendster, myspace, imeem, facebook, zanga etc. The script he was using was basically a 'cookie-stealer'. While this sounds funny, it's actually very bad (I'm not going into why). His results came back positive for all except facebook.

My options were the following:
#1. try to get this published in an 'updated' cheat-sheet.
#2. contact a friend I have who works for securityfocus.com.
#3. just release it to the public.

I chose option #2. While having it published sounds good, I would never be credited. Releasing it to the public would just cause abuse from webmasters and those seeking an easy 'buck' - having it patched on all networks immediately.

While securityfocus.com really doesn't bother with such 'small-and-easily-patchable-vulns' like this, I still wanted to see what they have to say about it. Who knows, maybe I could be mentioned in an article if they ever wrote one.

-Mathieu