| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: steve at entrenchtech.com (Steve) Subject: Anonymous surfing my ass! You would think that the email sent to the list would have contained more information. Based on the email sent, one would might not even bother clicking on the link. And for those of us who happen to be checking email on Windoze boxes, clicking on random Internet links probably isn't the brightest thing to do from IE unless you have bothered to disable all the various active scripting etc....... How seriously would you take an email that simply said "click here www.clicktobeowned.com" > I think if you at least clicked the advisory link ( http://spoor12.edup.tudelft.nl/SkyLined%20v4.2/?Advisories/Anonymous surfing, NOT! ) it would help relieve some of your ignorance. What he's reffering to is a getting script (usually javascript) through the filters and executing on the 'anonymous' person's machine. If a site can do that they can save cookies to the machine, thereby breaking the anonymity. It's not really cross site scripting, though the techniques used to get it through are similar. Right now 'cross site scripting' seems to be the buzz word attached to any security breach involving scripts. Something we have to live with I guess. Anyway, whatever it's called SkyLined seems to be the l33test at it ;) - Blazde _______________________________________________ Full-Disclosure - We believe in it. Full-Disclosure@...ts.netsys.com http://lists.netsys.com/mailman/listinfo/full-disclosure
Powered by blists - more mailing lists