lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F1EDD18.9090908@ameritech.net>
From: dbailey27 at ameritech.net (northern snowfall)
Subject: Search Engine XSS

>
>
>Yes but what affect does this have on the server? How does it comprimise security? Can you use this to DoS the server? Can you use this to gain access to areas on the server otherwise not available?
>
Sometimes server security isn't the issue. Client trust is just
as important as server or network security. If an attacker can
create an instance of psychological mistrust you're carrying
out a psychological denial of service.

Unfortunately, a vast amount of our average users are
susceptible to this kind of attack. From a business sense
this is still a serious problem. If this scenario were
played out in a clever fashion, stock integrity of a given
company could be compromised.

One could almost classify this as a strange route toward
corporate espionage or corporate warfare strategy.

Security researchers might be smart enough to see through
these kinds of tactics, but can the general public? Don't
forget, the public is the end user we are supposedly
looking out for. Thus, their interests would not make
light of a vulnerability such as XSS, despite how simple
it may be to carry out the exploit.

Don

http://www.7f.no-ip.com/~north_




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ