lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <001401c6c55c$6bc20ba0$0400a8c0@pc4>
Date: Mon, 21 Aug 2006 23:00:13 +0300
From: "Valery Marchuk" <tecklord@...ocom.cv.ua>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: further to the XSS flaw in eEye by Valery
	Marchuk

There was XSS vulnerability previous time and lots of people saw that. eEye 
reacted really fast and fixed it during one working day and now Ross Brown 
denies the existence of that flaw. Interesting, how does eEye feel to be in 
Microsoft`s shoes?

I don`t think I`m the right person to explain you what really XSS means. If 
you think it`s not dangerous and your customers are safe - so be it. They 
are your customers - not mine. And you probably don`t have to fix this flaw 
:)

Responsible disclosure is definitely good stuff. If you wouldn`t deny the 
existence of previous vulnerability, this stuff would never go into the 
public :).



Have a nice day and keep your web site secure

Valery



----- Original Message ----- 
From: Alan Shimel
To: full-disclosure@...ts.grok.org.uk
Sent: Monday, August 21, 2006 8:40 PM
Subject: [Full-disclosure] further to the XSS flaw in eEye by Valerie 
Marchuk


I posted further today to the XSS flaw found in the eEye web site with 
quotes from the eEye CEO.

You can read it here: 
http://www.stillsecureafteralltheseyears.com/ashimmy/2006/08/but_if_doesnt_b.html


Would welcome comments on whether you think it is harmless or not?

Alan

StillSecure
Alan Shimel
Chief Strategy Officer

O 303.381.3815
C 516.857.7409
F 303.381.3881


www.stillsecure.com
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer.







_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ