Hacking live in TV

https://www.facebook.com/502727856452797/videos/1312312478827660/

Not so difficult to figure out the vulnerable website this guy talks
about...

Gianpaolo

Mmm.. the phishing/malware thing is well known by the IT (security)
guys, but underestimated/unknown by the users/managers/non-IT people. Some
awareness is always welcome, but maybe one or two words on how to (try
to) avoid them would be useful..

About the vulnerabilities.. the screen seems to be the output of an
automatic scanning tool, and the section displayed shows "DOM based
XSS", which are often (when found through these tools) wrongly reported
("false positives"; and I mean, with an error rate between 95 and
100%..).

A manual review is always needed and could be done without violating the
law/trying to break into the "target" (it is all "client-side"), but if
this was done, no proof was given.

Btw, these attacks allow one to "steal" the account/session of other users,
not to gain access to the targets with elevated privileges (higher than the
privileges of the victims).

Afterwards, he speaks about "other vulnerabilities" that could allow breaking
into these sites, but no details were given, which could mean "I hacked
these sites, but of course I can't show any proof because (it isn't legal|I
have an NDA|whatever)" or maybe it is just speculation for having
something spicy to say..

ciao,
I.