Date: Mon, 7 Aug 2006 16:28:54 -0400
From: "SPI Labs" <Spi.Labs@...dynamics.com>
To: <webappsec@...urityfocus.com>, <bugtraq@...urityfocus.com>,
	<pen-test@...urityfocus.com>, <vuln-dev@...urityfocus.com>
Subject: Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper]


"One new feature of "Web 2.0", the movement to build a more responsive
Web, is the utilization of XML content feeds which use the RSS and Atom
standards. These feeds allow both users and Web sites to obtain content
headlines and body text without needing to visit the site in question,
basically providing users with a summary of that site's content.
Unfortunately, many of the applications that receive this data do not
consider the security implications of using content from third parties
and unknowingly make themselves and their attached systems susceptible
to various forms of attack."


[Link]
Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations
http://www.spidynamics.com/assets/documents/HackingFeeds.pdf


[Contact Information]
spilabs@...dynamics.com
SPI Dynamics, Inc.
115 Perimeter Center Place N.E.
suite 1100
Atlanta, GA. 30346
Toll-Free Phone: (866) 774-2700

SPI Dynamics was founded in 2000 by a team of accomplished Web security
specialists; SPI Dynamics is the leader in Web application security
technology. With such signature products as WebInspect, SPI Dynamics is
dedicated to protecting companies' most valuable assets. SPI Dynamics
has created a new breed of Internet security products for the Web
application, the most vulnerable yet least secure component of online
business infrastructure.

Copyright (c) 2006 SPI Dynamics, Inc. All rights reserved worldwide.

