Message-ID: <20060814201310.60471.qmail@cgisecurity.net>
Date: Mon, 14 Aug 2006 16:13:10 -0400 (EDT)
From: bugtraq@...security.net
To: tecklord@...ocom.cv.ua (Valery Marchuk)
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: XSS Vulnerabilities at Sun, IBM, Verisign, AOL,
Instead of emailing every single site you find an XSS in, can you just send a weekly summary instead so as not to fill
up our mailboxes to the point of not caring about what you found?
-z
http://www.cgisecurity.com/ Website Security news, and More
http://www.cgisecurity.com/index.rss [RSS Feed]
> Why world's leading security companies don't take care of their security?
>
> I've published some of XSS vulnerabilities in my blog and forwarded them
> to full-disclosure. But it seems like leading security companies don't
> even think of fixing these bugs. Cisco, Microsoft, Symantec, NSA,
> F-Secure, AOL, Sun, IBM, eEye still have vulnerabilities in their web
> sites. Is there any chance to protect ourselves from this threat? How
> can we trust these companies, if their web sites may allow hackers to
> compromise our computers and get access to our bank accounts?
>
> Demonstration exploit of XSS vulnerability at Verisign is available at
> http://www.securitylab.ru/verisign.php
>
> Other vulnerabilities can be found at
> http://www.securitylab.ru/blog/tecklord/?category=19
>
>
>
> Have a nice day,
>
> Valery
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/