lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: mattmurphy at kc.rr.com (Matthew Murphy)
Subject: Cross-Site Scripting Attacks Possible At Multiple Webspace Provid ers

>I thought this was as widely known as the ability to spoof the sender
address in emails. Like you said: "The same-origin >policy that is used to
avoid cross-frame security violations is completely compromised" because it
all comes from the same >origin.
>
>Maybe people just don't know, but i've known this since I first learned
about browser script security.

I would far rather provide information that you can simply skip over than
not provide that information and leave someone else confused.  Therefore, I
aim to provide as much info as possible and let the (informed) user decide
what to do.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ