| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 25 Nov 2006 13:49:48 +0100 (MET) From: Stefan Esser <sesser@...dened-php.net> To: pagvac <unknown.pentester@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: RCSR fun: stealing FF passwords the easy way Sorry to disappoint you but this RCSR is nothing else than the usual Web Application Security Hype that happens when one of the big Web2.0 websites that does something really stupid is hit by old stuff. The "new vulnerability" discovered in Firefox was already described in 2005 in Web Application Security talks and is already covered in atleast one german PHP Security Book from 2005. Stefan Esser pagvac schrieb: > FYI, it appears this issue was reported way back in August 2006 by RSnake: > > http://ha.ckers.org/blog/20061122/programmatic-password-theft-is-back/ > > On 11/24/06, pagvac <unknown.pentester@...il.com> wrote: > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists