Be the first to like this
This was delivered as a talk was given at jsFoo 2011 in Bangalore, India.
Three main attacks are mentioned.
1. Using JS for cookie stealing.
2. Using JS for stealing Google page rank.
3. Using JS for logging into ADSL routers without any user intervention.
Also mentioned is the MySpace XSS worm by Samy Kamkar. A lot of the original research for this has been done by Jeremiah Grossman.