| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Jan 2008 18:33:08 -0200 From: M.B.Jr. <marcio.barbado@...il.com> To: BlackHawk <hawkgotyou@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability Guess Fredrick's sarcastic and cynical suggestion is: xss-like menaces seems as unstoppable as this web-slavery the industry imposes. Well, if so, I agree. On 1/17/08, BlackHawk <hawkgotyou@...il.com> wrote: > > ====== > > 4) Fix > > ====== > > > Notepad should be rewritten to filter potentially dangerous > > characters. Characters can be converted to their html encoded > > equivalents. > > translated: you CAN'T write pages in HTML with any program.. > > >Fredrick Diggle Security Services is probably the best application > >security researchers on the scene this month. They have identified > >several hundred thousand vulnerabilities this week[..] > > i think you must read this: http://www.amazon.com/PCs-Dummies-Quick-Reference-Gookin/dp/0764507222 > > > -- > Best regards, > BlackHawk mailto:hawkgotyou@...il.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Marcio Barbado, Jr. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists