| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Jul 2012 16:37:38 -0400 From: Григорий Братислава <musntlive@...il.com> To: Gokhan Muharremoglu <gokhan.muharremoglu@...ec.org> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Predefined Post Authentication Session ID Vulnerability On Fri, Jul 13, 2012 at 7:23 AM, Gokhan Muharremoglu <gokhan.muharremoglu@...ec.org> wrote: > Ok. It seems i have to explain this vulnerability's effects with another > scenario. > > This is a real life scenario and i wrote it in a Turkish article for > National Information Security Portal which is run by TUBITAK. > > Article in Turkish with scenario => > http://www.iosec.org/oturum_oncesi_tanimli_cerez.pdf > > I will explain it in English now. > > There are KIOSK/Terminal machines at bank branches in Turkey. Customers can > reach to the regular Internet banking applicaton from here. This is real life common sense is answer. "So you walk into a bank" are you is serious? Is most stupid example than Security Chicken Tim. I am is walk into bank to do this stupidity while I am on is camera? Where are you is new 10 year and is under experience security freaks come is from? Hello Full Disclosure!! !! !! Is like to warn you about is robbing banks without is mask and waving to camera pizda _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists