Date: Wed, 23 Sep 2009 00:49:26 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: Tõnu Samuel <tonu@....ee>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Cross-Site Scripting attacks via redirectors
	in different browsers

Hello Tõnu!

I'm glad that you liked my article (and advisories) about Cross-Site
Scripting attacks via redirectors.

You can read my next article in English - Redirectors: the phantom menace
(http://websecurity.com.ua/3495/).

> And do not forget, this is a feature, not a bug :P

First, a vulnerability is not the same as a bug; these are different things.
And so in the security field, words such as vulnerabilities, vulns and holes
must be used, but not "bugs" (so as not to decrease their level of criticality
to that of ordinary software errors, which are bugs).

Second, you are right, it's a feature (and it was a well-known aphorism).
It's especially a feature in a hacker's hands ;-).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 
From: "Tõnu Samuel" <tonu@....ee>
To: "MustLive" <mustlive@...security.com.ua>
Cc: <full-disclosure@...ts.grok.org.uk>
Sent: Saturday, September 19, 2009 8:17 PM
Subject: Re: [Full-disclosure] Cross-Site Scripting attacks via redirectors
in different browsers


>> I wrote about five methods of attack in the article (via location-header
>> and refresh-header redirectors) - about four of them I already posted in
>> Bugtraq. In this letter I'll inform you about new browsers vulnerable to
>> those vulnerabilities, which I wrote about to Bugtraq before.
>
> Thanks, useful info for me at least. And do not forget, this is a feature,
> not a bug :P
>
>  Tõnu 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
