Hacker News
by RyanZAG 4818 days ago
There is no evidence of any cross-site scripting vulnerability - it's a standard case of 'user executes malicious code with full user rights'. If anybody is to blame for that, it's Oracle for letting users shoot themselves in the foot with an 'OK' dialog that all Windows users just click OK on anyway.

MtGox could help prevent this with something like Steam's approach, but once the user has run malicious code there is not much stopping that code from also compromising his email account. Two-factor authentication would help here, and MtGox does appear to offer this - the complainer just didn't use it.