"Input validation errors have been identified in code generated by Dreamweaver and Contribute which could lead to potential cross-site scripting attacks," Adobe explains in one of its bulletins. "Only customers who have used the Insert Flash Video command in Dreamweaver or Contribute may be vulnerable."
Rich Cannings, a senior information security engineer at Google, described the risks in a public Google Docs file earlier in January, noting that many Web authoring tools insert vulnerable ActionScript code into Flash (.SWF) files. He said that Google hacking queries could reveal hundreds of thousands of vulnerable .SWF files and that "a considerable percentage of major Internet sites are affected."
XSS vulnerabilities are not uncommon. The site XSSed.com maintains a list of reported XSS holes in Web sites. On Friday, January 18, at the time this article was filed, 10 new vulnerabilities have been reported. The site shows that XSS vulnerabilities have been reported many high-profile domains including yahoo.com, google.com, youtube.com, and msn.com, to name a few. Some of these flaws have been fixed; others apparently remain.
The Agile ArchiveWhen it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
2014 Analytics, BI, and Information Management SurveyITís tried for years to simplify data analytics and business intelligence efforts. Have visual analysis tools and Hadoop and NoSQL databases helped? Respondents to our 2014 InformationWeek Analytics, Business Intelligence, and Information Management Survey have a mixed outlook.