Date: Tue, 19 Jan 2010 15:39:34 -0500
From: T Biehn <tbiehn@...il.com>
To: MustLive <mustlive@...security.com.ua>, 
	full-disclosure <Full-Disclosure@...ts.grok.org.uk>
Subject: Re: MouseOverJacking attacks

Hello MustLive!
Thanking you for taking a personal approach to all of your list admirers!

Prosperous futures abound!

A missive granted in thy honor sweet prince of XSS.

On Sun, Jan 17, 2010 at 4:33 PM, MustLive <mustlive@...security.com.ua> wrote:
> Hello Travis!
>
> Thanks for your attention to my article about MouseOverJacking attacks.
>
>> If you read the HTML specification you can find all sorts of XSS
>> attack vectors that people just assumed would be redundant to write
>> entire articles on!
>
> Yes, I'm familiar with the HTML specification (as a web developer since the
> beginning of 1999) and I know about different events in HTML. And as a web
> security professional I know a lot of XSS vectors.
>
> Many events in HTML are not widespread enough (or not usable enough) for
> XSS attacks to write entire articles about them, but ones such as onclick
> and onmouseover are worth entire articles. A lot was said
> about attacks via onclick in 2008, so I decided to talk about onmouseover in
> 2009 (because it is worth it).
>
> P.S.
>
> Because Jeff is already on my blacklist, as I mentioned to the list, in
> the future there is no need to send me his letters. If you decide to answer
> me, then write to me directly.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> ----- Original Message ----- From: "T Biehn" <tbiehn@...il.com>
> To: "Jeff Williams" <jeffwillis30@...il.com>
> Cc: "MustLive" <mustlive@...security.com.ua>;
> <full-disclosure@...ts.grok.org.uk>
> Sent: Tuesday, January 05, 2010 4:53 PM
> Subject: Re: [Full-disclosure] MouseOverJacking attacks
>
>
>> Hey MustLive!
>> If you read the HTML specification you can find all sorts of XSS
>> attack vectors that people just assumed would be redundant to write
>> entire articles on!
>>
>> Here!
>> http://www.w3.org/TR/REC-html40/interact/scripts.html
>>
>> -Travis
>>
>> On Sun, Jan 3, 2010 at 10:29 PM, Jeff Williams <jeffwillis30@...il.com>
>> wrote:
>>>
>>> Thanks for your wishes MustDie;
>>>
>>> Do you consider yourself an oz XSS ninja?
>>>
>>> Did your C.V. end up in the OWASP trash bin?
>>>
>>> And how the fuck did you come up with a nickname like that?
>>>
>>>
>>>
>>> Let us know, we truly give a shit about your life, and xss.
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>>
>> --
>> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>> http://pastebin.com/f6fd606da
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
