lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 20 Oct 2007 15:46:36 -0400
From: <full-disclosure@....hush.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: Cross Site Hacking Browser Injection Attack
	Vulnerability Paradigms

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello friends,

I am a PhD student writing my dissertation on cross site scripting
related attacks, which I have learned is the true Achilles heel of
Intraweb exploration technologies.  One detail I am unable to find
with the assistance of the Internet Wayback machine is when and
what browsers first introduced these vulnerabilities.

So,

1) What browser was first vulnerable to these attacks,
2) Who was the responsible developer,
3) How was this vulnerable mechanism replicated across all modern
browsers,
4) Instead of patching individual XSS problems in random web-based
piano tuning software, why aren't the serious security
researchers[1] of this list working to develop better technologies
to block the entire vulnerability class, like the PaX/w^x team has
done[2], to raise the ante for computer security list posters
around the world?

Thanks for your help in advance.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5

wpwEAQECAAYFAkcaWxwACgkQqTTbVuUWvbLPGgQAlzDzl4PTINCvlRdco/1zocWJbJyg
CGfRjA6joWhUeRSwfeGvoNnulX3RbXLYePYcvrspZmVrM0mzj4q+tUCPm7Sh0eKfgof/
NvZWCwVKOsaDTNZSgR7yS3QYJ3R+ekdQi/3nYz61iUFFBkbqi+F8KAQmAGtIcOQgp1EN
R093Phw=
=43if
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists