| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a8fe69350805102307x13c34820ufb38de0a92244a7c@mail.gmail.com> Date: Sun, 11 May 2008 01:07:49 -0500 From: "Fredrick Diggle" <fdiggle@...il.com> To: nick@...us-l.demon.co.uk Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Out of Office AutoReply: Snort Signature to det ect credit cards Fredrick Diggle would like to disclose a vulnerability in email auto responders. Using these auto responders causes information disclosure that the victim is currently not in the office. an attacker could use this information to know when a victim is not in the office and XSS their browser for fun and profit. On Fri, May 9, 2008 at 6:45 AM, Nick FitzGerald <nick@...us-l.demon.co.uk> wrote: > Randal T. Rioux to Bill West: > > > > > I am no longer on-site full time and have limited access to e-mail. I will > > > respond to you as soon as I can. If your issue is an emergency, please use > > > the contacts below. > <<snip>> > > > > > Did I mention the social engineering treasures sent around the world with > > each one? Do you really work in security? > > Maybe this kind of thing is why he no longer... > > > > Regards, > > Nick FitzGerald > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists