Truste XSS Vulnerability / Won’t Someone Give Some Money?


I was just planning on a quick little link for this cross-site scripting vulnerability that is shown corrupting Truste’s “click to verify” privacy seal program. Not really huge news in and of itself, though a little troubling.

I know and like some people who work at Truste, but they’ve picked a tough job for themselves. Because there are pretty direct financial benefits to finding ways to appear legit when you’re not, there are always going to be more resources invested in trying to exploit systems like Truste than resources invested in keeping such systems ahead of the scammers. The payoff for improving these systems is largely intangible: reputation, really, which is not negotiable currency in most places. (As long as we’re on the topic, the places where reputation is a real currency are generally the most interesting places to be, but that’s a different discussion entirely.)

But anyway, the real problem is that is down again. I think that the service is great and use it constantly, but appears to be a victim of its own success: they’ve gone down three or four times in recent memory, which is getting close to the level of “if I can’t depend on it being there, I guess I can’t use it” for me.

I haven’t given much thought to how one might try to actually generate revenue by operating, but perhaps someone else could, and put them in touch with some friendly angels or VCs? :) I don’t want to give up on, but the outages are getting to be a pain in the ass.

Whenever the site comes back up I’m going to check and see if they’ve set up a simple way for me to give them some money, but it’s going to take a lot more than what I can afford to give them…