Yep, mchain, fully agree there.
That is why I cannot understand that some will criticize Quttera and say they won't trust their scans (even here in the forums).
That is totally wrong and proof that they do not understand what a gold mine the Quttera scan results can be for the security apt website admin
that knows about bad and/or insecure coding practices like modifiers, scripts in top level documents in HTTP, unchecked (eval) for dynamic content, etc. etc. etc.
I worked myself through all the appropriate SANS reader pdf documents info on the subject, for instance the "Innocent Code" one is a must top read and then wrote all relevant info down for myself in one of my writing books as that is the way for me at least to get familiar with these malcode hick-ups and learn them by heart so to spot them out at once as they come by. So my forehead start to wrinkle now at every |%3C I come accross. Else my Malware Script Detector extension will alarm when I feed part of some malcode into my search engine of choice.
But not knowing a thing about all this and keeping websites up that come to grossly endanger innocent and unaware users and actually could be considered as putting the data of website visitors at risk.
Good avast! provides us with the Shields and the detection rate goes up and up.
polonus
P.S. Seems there is some insight coming at the site as they take this seriously. Good, that is why we do it. They give users the advice not to visit the site as
they are trying to solve the problems. The message is in German, it goes like this:
Sehr geehrter Nutzer des OTR-Forums (www.otrforum.com)
Es gibt derzeit technische Probleme, daher können wir Ihnen zum Erfahrungsaustausch derzeit nur den Support-Chat anbieten.
Wir hoffen, dass wir das Problem innerhalb dieser Woche lösen können.
Damian