| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20070217141056.382F081@lists.grok.org.uk> Date: Sat, 17 Feb 2007 14:10:54 +0000 (GMT) From: skyout@....net To: Matthew Flaschen <matthew.flaschen@...ech.edu> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Phishmarket #2 (IFrame Spoofing/XSS on Austrian bank sites) On Fri, 16 Feb 2007 17:47:44 -0500 Matthew Flaschen <matthew.flaschen@...ech.edu> wrote: > skyout@....net wrote: > > Dear Sir or Madam, > > > > I want to point your attention to a new list, that shows up to 40 (!) > > vulnerabilities on Bank sites of Austria and proves another time > > how insecure online banking still is. The list is publicly available under: > > > > ------------------------------------------------------------ > > http://baseportal.com/baseportal/phishmarkt/at > > ------------------------------------------------------------ > > From the page: > > All used techniques are well known for many years and can be > > considered state-of-the-art. > > Huh? > > Using search fields (as the most common way) to spoof/manipulate the content of the page can often easily be solved by filtering the input value and THIS should be well known to every good (web)coder for years. So: It is nothing new, people do it wrong, again and again (since years, just that it now gets more and more public). That's all ;) SkyOut _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists