lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <46A5CD8C.1010301@infosecurity.ch>
Date: Tue, 24 Jul 2007 11:59:40 +0200
From: "Fabio Pietrosanti (naif)" <lists@...osecurity.ch>
To: full-disclosure@...ts.grok.org.uk
Subject: On the vulnerabilities of web services

I have no time to write a detailed post on the issues related with the
guys that are recently releasing bugs of web services.

I would like someone analyze the implications, differences in terms of
community advantages, people risks, technology enhancements related with
the disclosure of vulnerabilities of web services (misc websites of
railways, internet providers, public agencies, search engines and
webmails) VS the disclosure of vulnerabilities in standalone pieces of
software.

I don't like the public disclosure of XSSs and SQL Injections (and stuff
like that) on third party web sites, i don't consider it useful for
anyone, too risky for the 'researcher' and too risky for the third party
websites.

Only in July there was a storm of fucking websites vulnerabilities
announcements:

- http://seclists.org/fulldisclosure/2007/Jul/0457.html TRENITALIA.COM
- http://seclists.org/fulldisclosure/2007/Jul/0460.html STATCOUNTER.COM
- http://seclists.org/fulldisclosure/2007/Jul/0437.html ACTUAL TESTS
- http://seclists.org/fulldisclosure/2007/Jul/0296.html ORKUT
- http://seclists.org/fulldisclosure/2007/Jul/0187.html Wachovia Bank
- http://seclists.org/fulldisclosure/2007/Jul/0035.html blinzzard.com
- http://seclists.org/fulldisclosure/2007/Jul/0036.html WORLDOFWARCRAFT.COM

Hey guys, do you feel yourself cooler than before, now?

-naif

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ