lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-id: <66689017-1259-4250-AF2F-DED30DD24E91@mac.com>
Date: Thu, 19 Aug 2010 15:11:45 -0700
From: Chuck Swiger <cswiger@....com>
To: Holger Rabbach <hrabbach@...ssroad-networks.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Web Tool Announcement: ismymailsecure.com

Hi, Holger--

On Aug 18, 2010, at 2:59 AM, Holger Rabbach wrote:
> I am happy to announce the immediate availability of a web based email
> security testing tool at http://www.ismymailsecure.com.  [ ... ]
> If you have any concerns about having to enter a full email address,
> please be advised that this address is never stored anywhere. The only
> reason that the site asks for an email address rather than a domain is
> that it makes it easier for end-users to enter the correct information.
> Feel free to enter anything you like as the left hand part of the
> address, as it will be immediately stripped off by the tool anyway.

Your tool doesn't implement RFC-822 (2822/3696) address-checking properly; it returns:

  "cswiger+test@....com is an invalid email address"

Regards,
-- 
-Chuck

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ