| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <242a0a8f0702150558g7f41e197p301ca1280698af1f@mail.gmail.com> Date: Thu, 15 Feb 2007 08:58:36 -0500 From: "Brian Eaton" <eaton.lists@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: XSS + XSRF/CSRF... On 2/15/07, pagvac <unknown.pentester@...il.com> wrote: > 3. Protect "interesting"/dangerous requests by asking the user for > something only he/she knows (i.e.: password) Careful with that. What about JS keyloggers? Regards, Brian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists