Advisory published jointly by the CERT Coordination Center, DoD-CERT, the DoD Joint Task Force for Computer Network Defense (JTF-CND), the Federal Computer Incident Response Capability (FedCIRC), and the National Infrastructure Protection Center (NIPC).

How the attack affects websites hosted on the Apache webserver and Apache specific issues.

Answers questions on identification, threats, and prevention. Provides examples and links.

Paul Lindner, author of the mod_perl cookbook, explains how to secure our sites against Cross-Site Scripting attacks using mod_perl and Apache::TaintRequest.

Security consultant David deVitry offers background information, a free CSS vulnerability detector, and a list of vulnerable sites.

Paper by EyeonSecurity explaining how to inject CSS attacks into Web applications which allow Flash content.

Charles Schwab's online customers are at risk of having their account information accessed and their accounts manipulated due to the same software vulnerability that affected E-Trade's Web site in September.

USA Today article by Byron Acohido that details WhiteHat Security's assessment of Hotmail, Yahoo, Amazon, and America Online.

Article on this often overlooked threat with links.