| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <490834b0.0af6660a.3bce.ffffdeff@mx.google.com>
Date: Wed, 29 Oct 2008 10:02:20 +0000
From: Adrian P. <unknown.pentester@...il.com>
To: <Valdis.Kletnieks@...edu>, Razi Shaban <razishaban@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: www.dia.mil
Welcome to the web!
1 website = content retrieved from dozens/hundreds of sites. Much more than what the browser's address bar shows ;)
Think of ad banners, analytics JS ("legit" spyware), static content served from high-speed embedded httpds, etc ...
And yes, there are security implications to this design problem.
-----Original Message-----
From: Valdis.Kletnieks@...edu
Sent: 27 October 2008 17:22
To: Razi Shaban <razishaban@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] www.dia.mil
On Mon, 27 Oct 2008 21:07:46 +0400, Razi Shaban said:
> On Mon, Oct 27, 2008 at 7:59 PM, Bipin Gautam <bipin.gautam@...il.com> wrote:
> >
> > A picture is worth a thousand words.
> >
> > But whats so wrong about it?
> >
> > :P
>
>
> So what?
A US intelligence agency is basically betting the bank that statcounter.com,
a company apparently based in Ireland, doesn't get pwned or subverted.
Does that give you warm-n-fuzzies?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists