lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu May 26 15:44:57 2005
From: anthrax101 at gmail.com (Aaron Horst)
Subject: Not even the NSA can get it right

On 5/25/05, Castigliola, Angelo <ACastigliola@...mprovident.com> wrote:
> What would XSS on NSA.GOV get a hacker anyways? Steal my NSA.GOV cookie
> 
> "CFID
> 756140
> nsa.gov/
> 1024
> 2871474816
> 31895379
> 3010520960
> 29692615
> *
> CFTOKEN
> 41950083
> nsa.gov/
> 1024
> 2871474816
> 31895379
> 3010820960
> 29692615
> *"
> 
> Don't think a hacker could do much with this. At best someone could try
> to use the exploit to phish passwords from NSA.GOV employees.
> 
> -Angelo Castigliola III
> Security Architect
> 

I don't know about you, but I personally think you could do quite a
bit of identity theft by seeing a few NSA applicants' resumes. Who
else would be more willing to give a "recruiter" sensitive personal
information?

https://www.nsa.gov/applyonline/index.html

AnthraX101

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ