CIA.gov - Deliciously XSS Hackable
Some cross-site scripting fun from our friends in the intelligence gathering biz...
Look Ma, I'm on CIA.gov - Threat Level, Wired Blogs
Quote:
In an age where JavaScript is so ubiquitous that some websites won't even load if you don't enable it in your browser, cross-site scripting hacks are everywhere - letting malicious or merely mischievous hackers create links that have some very unintended consequences on websites that are not careful to keep from executing other people's code.
Most are run-of-the-mill and hardly worth writing about, but reader HS writes in with a vulnerability on the CIA's site that THREAT LEVEL can't resist.
Be sure to override your browser's XSS protection to view the example.