To reduce the amount of data transferred in each request, Vic??™s positions are
represented as a JavaScript array listing the stock symbol, number of shares, and current
price:
[["MSFT",100,31.43]
,["GOOG",50,510.22]
,["AAPL",10,115.67]
]
During Vic??™s trading day, he enjoys hanging out on message boards with other
traders, gathering stock tips, and discussing the market. During one of these browsing
sessions, he comes upon a message posted by somebody with the screen name Irene
Innocent:
Are you a user of BadStockTrader.com? I am, and I??™m concerned about recent security flaws
found in their website. You can read the report I read here: http://tinyurl.com/2vshw4.
Vic is naturally interested in the security of his brokerage account, so he clicks the
link. He finds a web page containing an unsubstantiated claim that his account is
insecure. While reading this text, he was not aware of the actions being taken by the
JavaScript included in the web page, shown here:
BadStockBroker.com has lots of bad security flaws! You should not use them
because??¦