Sometimes all malicious users do is place a script inside the username, address, or search query field on a Web page. And sometimes they get help from the sites they target. Error messages from unprotected servers can provide attackers with vital clues about the security on the back end, as well as the type of server being used, and the software running on it. Full Story