lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 29 Oct 2008 10:02:20 +0000
From: Adrian P. <unknown.pentester@...il.com>
To: <Valdis.Kletnieks@...edu>, Razi Shaban <razishaban@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: www.dia.mil

Welcome to the web! 

1 website = content retrieved from dozens/hundreds of sites. Much more than what the browser's address bar shows ;)

Think of ad banners, analytics JS ("legit" spyware), static content served from high-speed embedded httpds, etc ...

And yes, there are security implications to this design problem.


-----Original Message-----
From: Valdis.Kletnieks@...edu
Sent: 27 October 2008 17:22
To: Razi Shaban <razishaban@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] www.dia.mil

On Mon, 27 Oct 2008 21:07:46 +0400, Razi Shaban said:
> On Mon, Oct 27, 2008 at 7:59 PM, Bipin Gautam <bipin.gautam@...il.com> wrote:
> >
> > A picture is worth a thousand words.
> >
> > But whats so wrong about it?
> >
> > :P
> 
> 
> So what?

A US intelligence agency is basically betting the bank that statcounter.com,
a company apparently based in Ireland, doesn't get pwned or subverted.

Does that give you warm-n-fuzzies?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ