Message-ID: <464DCFD1.10100@der-keiler.de>
Date: Fri, 18 May 2007 18:09:53 +0200
From: Ulrich Keil <ulrich@...-keiler.de>
To: bugtraq@...urityfocus.com
Cc: Carsten Thälker | sfze <carsten.thaelker@...e.de>,
	Thorsten Sandfort <thorsten.sandfort@...e.de>,
	Michael Kühn <michael.kuehn@...e.de>,
	Egon Rehm <egon.rehm@...v.de>
Subject: Re: XSS vulnerability on various german online banking sites (sparkasse)
 - CORRECTION

Ulrich Keil wrote:
> The "Sparkassen-Finanzgruppe" with a transaction volume of over 3.300 
> billion euro is one of the largest banks for private customers in 
> Germany. Many local member-banks of the group use the online banking 
> portal provided by sfze (http://www.sfze.de/), a subsidiary company of 
> Sparkassen-Finanzgruppe.

After having published the XSS vulnerability on various Sparkassen 
online banking sites 24 hours ago, I received feedback from the company 
sfze.

They informed me that they DO NOT operate the online banking portal which 
is affected by the vulnerability.

I therefore have to apologize: It was not my intention to blame the 
wrong company. sfze has nothing to do with the XSS vulnerability on 
German online-banking sites.

To say this clearly: I do not know definitely which subsidiary company of 
Sparkassen-Finanzgruppe is responsible for the online banking portal, 
and is able to fix this problem.

Ulrich Keil
-- 
http://www.derkeiler.com
PGP Fingerprint: 5FA4 4C01 8D92 A906 E831  CAF1 3F51 8F47 1233 9AAD
Public key available at http://www.derkeiler.com/uk/pgp-key.asc
