Comments on: Google: Chili’s.com “may harm your computer” http://ineedattention.com/technology/2008/07/27/google-chiliscom-may-harm-your-computer/ Rants on business, science, technology, society, politics, police, and justice, plus life hacks and tricks, since 2003. Tue, 24 Aug 2010 21:14:41 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: m http://ineedattention.com/technology/2008/07/27/google-chiliscom-may-harm-your-computer/comment-page-1/#comment-13171 m Thu, 31 Jul 2008 04:29:16 +0000 http://ineedattention.com/?p=229#comment-13171 Cross site scripting is the answer.. if I was bored I could redirect your order to my server and rip your card then send it to Chili's.. Theoretically. You would still get your salad. http://en.wikipedia.org/wiki/Cross-site_scripting EDITOR'S REPLY: That's a sensible theory, except that you can't actually order online at Chili's website, you have to actually call your local Chili's to order, and you pay at the restaurant when you pick it up. It looks like their website just got hacked the old fashion way (exploiting some off-the-shelf software Chili's was using to host their page), and some Russian spammers were able to inject a drive-by download into the source. Cross site scripting is the answer.. if I was bored I could redirect your order to my server and rip your card then send it to Chili’s.. Theoretically. You would still get your salad.

http://en.wikipedia.org/wiki/Cross-site_scripting

EDITOR’S REPLY: That’s a sensible theory, except that you can’t actually order online at Chili’s website, you have to actually call your local Chili’s to order, and you pay at the restaurant when you pick it up. It looks like their website just got hacked the old fashion way (exploiting some off-the-shelf software Chili’s was using to host their page), and some Russian spammers were able to inject a drive-by download into the source.

]]>