lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <004001c6b479$be8a8770$030414ac@pc>
Date: Mon, 31 Jul 2006 11:17:20 +0300
From: "Valery Marchuk" <tecklord@...ocom.cv.ua>
To: <bugtraq@...urityfocus.com>,
	<full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: Do world's famous companies take care of their
	security?

Do world's famous companies take care of their security?



There was discussion last week in the Full-Disclosure about XSS vulnerabilities in reply to XSS vulns in PayPal and Gadi Evron suggested creation of a separate mailing list for just XSS vulnerabilities. I would agree with him if PayPal and many other world's famous companies tried at least to patch such bugs:

The incident with Netscape must be example for everyone. Actually I don't understand the behavior of such companies. XSS bugs are easy to discover and easy to fix, so what's the problem? And instead of monitoring bugs these companies just put into risk their customers. That's how they do their business and that's how they take care of us - their customers. 

There are XSS flaws at Digg's and Netscape's web sites. Are they planning to fix them?

 

There are still XSS flaws at PayPal`s web site (two years and one week after XSS bugs were reveled). Are they planning to fix them? 



Example of XSS vulns are in my blog at 

http://www.securitylab.ru/blog/tecklord/?category=19



I will publish such information in my blog and hope that companies will take care of their security.

 


Valery Marchuk

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ