Open Source and information security mailing list archives
 
Date: Mon, 14 Aug 2006 16:13:10 -0400 (EDT)
From: bugtraq@...security.net
To: tecklord@...ocom.cv.ua (Valery Marchuk)
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: XSS Vulnerabilities at Sun, IBM, Verisign, AOL, 

Instead of emailing every single site you find an XSS in, can you just send a weekly summary instead so as not to fill
up our mailboxes to the point of not caring about what you found?

-z
http://www.cgisecurity.com/ Website Security news, and More
http://www.cgisecurity.com/index.rss [RSS Feed]


> Why don't the world's leading security companies take care of their
> security?
>
> I've published some XSS vulnerabilities in my blog and forwarded them
> to full-disclosure. But it seems like leading security companies don't
> even think of fixing these bugs. Cisco, Microsoft, Symantec, NSA,
> F-Secure, AOL, Sun, IBM, eEye still have vulnerabilities in their web
> sites. Is there any chance to protect ourselves from this threat? How
> can we trust these companies, if their web sites may allow hackers to
> compromise our computers and get access to our bank accounts?
>
> Demonstration exploit of XSS vulnerability at Verisign is available at
> http://www.securitylab.ru/verisign.php
>
> Other vulnerabilities can be found at
> http://www.securitylab.ru/blog/tecklord/?category=19
>
> Have a nice day,
>
> Valery
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
