Date: Mon, 31 Jul 2006 10:18:38 +0000
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Do world's famous companies take care of their security?

On 7/31/06, Valery Marchuk <tecklord@...ocom.cv.ua> wrote:
>
> Do world's famous companies take care of their security?
>
> There was discussion last week in the Full-Disclosure about XSS
> vulnerabilities in reply to XSS vulns in PayPal and Gadi Evron suggested
> creation of a separate mailing list for just XSS vulnerabilities. I would
> agree with him if PayPal and many other world's famous companies tried at
> least to patch such bugs…
>
> The incident with Netscape must be an example for everyone. Actually I don't
> understand the behavior of such companies. XSS bugs are easy to discover and
> easy to fix, so what's the problem? And instead of monitoring bugs these
> companies just put their customers at risk. That's how they do their
> business and that's how they take care of us – their customers.
>
> There are XSS flaws at Digg's and Netscape's web sites. Are they planning to
> fix them?
>
> There are still XSS flaws at PayPal's web site (two years and one week after
> XSS bugs were revealed). Are they planning to fix them?
>
> Examples of XSS vulns are in my blog at
>
> http://www.securitylab.ru/blog/tecklord/?category=19
>
> I will publish such information in my blog and hope that companies will take
> care of their security.
>
> Valery Marchuk
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Hi,

This subject has already been discussed, so you're better off reading the
original thread than encouraging people to repeat what they've already
said:

[snip]
laws are needed to make it more illegal for
corporations to shrug off cross site scripting being left unpatched.
[/snip]

Read my full reply:

http://groups.google.com/group/n3td3v/browse_thread/thread/19c0473bf4222572/ca276ba9113d791e

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
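The quoted post claims that XSS bugs are "easy to fix". The block below is an added example, not code from either poster or from any of the companies named in the thread: a hypothetical search page (constructed for illustration) that reflects a query parameter first unsafely, then with context-appropriate output encoding, plus a small regression check a maintainer could run to confirm that untrusted input can no longer add markup to the rendered page. The page layout, the `/search?q=` path and the probe string are all constructed.

```python
import html
import re
from urllib.parse import quote

# Constructed, hypothetical search page: the query is reflected in two
# HTML contexts, element text and a URL inside an href attribute.

def render_search_page_unsafe(query: str) -> str:
    """The reflected-XSS pattern: untrusted input concatenated straight into HTML."""
    return f'<p>Results for: {query}</p><a href="/search?q={query}">again</a>'


def escape_html_text(value: str) -> str:
    """Encode for the HTML element-content context (<, >, &, quotes)."""
    return html.escape(value, quote=True)


def escape_html_attr(value: str) -> str:
    """Encode for a double-quoted HTML attribute value."""
    return html.escape(value, quote=True)


def render_search_page_safe(query: str) -> str:
    """Same page, with each reflection encoded for the context it lands in."""
    text = escape_html_text(query)
    # URL context first (percent-encode, nothing left as 'safe'),
    # then attribute context for the attribute it is placed in.
    href = escape_html_attr("/search?q=" + quote(query, safe=""))
    return f'<p>Results for: {text}</p><a href="{href}">again</a>'


# Matches the start of an HTML tag, comment or doctype; encoded '&lt;' does not match.
TAG_RE = re.compile(r"<[a-zA-Z/!]")


def tag_count(page: str) -> int:
    """Number of tag openers in a rendered page."""
    return len(TAG_RE.findall(page))


def reflects_markup(render, probe: str = "<b>injected</b>") -> bool:
    """Regression check: True if the renderer lets the probe add tags beyond the
    template's own. A benign query establishes the template's baseline tag count."""
    baseline = tag_count(render("benign"))
    return tag_count(render(probe)) != baseline


if __name__ == "__main__":
    for name, render in (("unsafe", render_search_page_unsafe),
                         ("safe", render_search_page_safe)):
        print(f"{name}: injects markup = {reflects_markup(render)}")
```

The check is deliberately coarse: it only detects new tag openers, so it is a cheap unit test to keep a fixed page from regressing, not a substitute for reviewing every place untrusted data is written into HTML, attributes, URLs or script.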
