"XSS enables attackers to inject client-side scripts into web pages viewed by other users." Meh, boring topic.
Not sure how you can quantify "aggregate risk", but I'd say it's exactly the opposite.
-
-
That is, the apps where you keep your data can easily sandbox ads. Can't easily prevent XSS
-
I don't mean what they can do, I mean what they do do. The aggregate risk out there.
-
The risk is someone stealing my email/photos/documents. Not a website logging my visit.
-
You are missing the point. Black hats constantly abuse ad networks.
-
Regular XSS targets one site at a time. Hack GA and you instantly own 80% of Alexa top 1M.
-
Sure. If you own Google infrastructure, you win. Same if you own Apple. Your point is? ;-)
-
Apple is not hot linked on 80% of Alexa top 1M. We're talking the web here.
-
Even if you trust, say Google and FB, the list goes on, especially in ads.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.