[<prev] [next>] [day] [month] [year] [list]
Message-ID: <001401c6c55c$6bc20ba0$0400a8c0@pc4>
Date: Mon, 21 Aug 2006 23:00:13 +0300
From: "Valery Marchuk" <tecklord@...ocom.cv.ua>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: further to the XSS flaw in eEye by Valery
Marchuk
There was XSS vulnerability previous time and lots of people saw that. eEye
reacted really fast and fixed it during one working day and now Ross Brown
denies the existence of that flaw. Interesting, how does eEye feel to be in
Microsoft`s shoes?
I don`t think I`m the right person to explain you what really XSS means. If
you think it`s not dangerous and your customers are safe - so be it. They
are your customers - not mine. And you probably don`t have to fix this flaw
:)
Responsible disclosure is definitely good stuff. If you wouldn`t deny the
existence of previous vulnerability, this stuff would never go into the
public :).
Have a nice day and keep your web site secure
Valery
----- Original Message -----
From: Alan Shimel
To: full-disclosure@...ts.grok.org.uk
Sent: Monday, August 21, 2006 8:40 PM
Subject: [Full-disclosure] further to the XSS flaw in eEye by Valerie
Marchuk
I posted further today to the XSS flaw found in the eEye web site with
quotes from the eEye CEO.
You can read it here:
http://www.stillsecureafteralltheseyears.com/ashimmy/2006/08/but_if_doesnt_b.html
Would welcome comments on whether you think it is harmless or not?
Alan
StillSecure
Alan Shimel
Chief Strategy Officer
O 303.381.3815
C 516.857.7409
F 303.381.3881
www.stillsecure.com
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists