[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4b6ee9310607310318u554c7703n519b5f531828ff2a@mail.gmail.com>
Date: Mon, 31 Jul 2006 10:18:38 +0000
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Do world's famous companies take care of their
security?
On 7/31/06, Valery Marchuk <tecklord@...ocom.cv.ua> wrote:
>
>
>
> Do world's famous companies take care of their security?
>
>
>
> There was discussion last week in the Full-Disclosure about XSS
> vulnerabilities in reply to XSS vulns in PayPal and Gadi Evron suggested
> creation of a separate mailing list for just XSS vulnerabilities. I would
> agree with him if PayPal and many other world's famous companies tried at
> least to patch such bugs…
>
> The incident with Netscape must be example for everyone. Actually I don't
> understand the behavior of such companies. XSS bugs are easy to discover and
> easy to fix, so what's the problem? And instead of monitoring bugs these
> companies just put into risk their customers. That's how they do their
> business and that's how they take care of us – their customers.
>
> There are XSS flaws at Digg's and Netscape's web sites. Are they planning to
> fix them?
>
>
>
> There are still XSS flaws at PayPal`s web site (two years and one week after
> XSS bugs were reveled). Are they planning to fix them?
>
>
>
> Example of XSS vulns are in my blog at
>
> http://www.securitylab.ru/blog/tecklord/?category=19
>
>
>
> I will publish such information in my blog and hope that companies will take
> care of their security.
>
>
>
> Valery Marchuk
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
Hi,
This subject has already been discussed, so you're best reading the
original thread than encouraging people to repeat what they've already
said:
[snip]
laws are needed to make it more illegal for
corporations to shurg off cross site scripting being left unpatched.
[/snip]
Read my full reply:
http://groups.google.com/group/n3td3v/browse_thread/thread/19c0473bf4222572/ca276ba9113d791e
n3td3v
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists