| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTilJU3JEmWG31j2LlFmeM1fqs3G_u4qrjl1w754M@mail.gmail.com> Date: Wed, 14 Jul 2010 10:33:23 -0700 From: Chris Evans <scarybeasts@...il.com> To: Juan Galiana <jgaliana@...il.com> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Google auto redirect On Wed, Jul 14, 2010 at 10:32 AM, Chris Evans <scarybeasts@...il.com> wrote: > On Wed, Jul 14, 2010 at 10:19 AM, Juan Galiana <jgaliana@...il.com> wrote: >> In fact, open redirect is considered a vulnerability commonly involved in >> phishing attacks. > > .... by people who have a cursory but non-thorough understanding of security. > > http://scarybeastsecurity.blogspot.com/ Oops, the long-term link is: http://scarybeastsecurity.blogspot.com/2010/06/open-redirectors-some-sanity.html Cheers Chris > > To be fair, it is an area of some subtlety involving what browsers do > and do not guarantee in terms of security indicators; and more > importantly, misconceptions around capabilities and mindset of the > less-technical end users that we as a community are trying to protect. > > > Cheers > Chris > >> >> http://www.owasp.org/index.php/Open_redirect >> >> On Wed, Jul 14, 2010 at 6:03 PM, Mario Vilas <mvilas@...il.com> wrote: >>> >>> did you actually try the link? cause it worked for me... >>> >>> On Wed, Jul 14, 2010 at 12:14 PM, McGhee, Eddie <Eddie.McGhee@....com> >>> wrote: >>>> >>>> come on what's funny about encoding a url? you don't see this as >>>> a vuln????? REALLY???? geez peace... >>>> ________________________________ >>>> From: full-disclosure-bounces@...ts.grok.org.uk >>>> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Marshall >>>> Whittaker >>>> Sent: 13 July 2010 21:17 >>>> To: full-disclosure@...ts.grok.org.uk >>>> Subject: [Full-disclosure] Google auto redirect >>>> >>>> I don't really consider this a vulnerability, but it's funny. >>>> >>>> >>>> http://www.google.com/search?q=%79%61%68%6F%6F&ie=ISO-8859-1&source=hp&hl=en&btnI=I%26%2339;%69%6D%2B%46%65%65%6C%69%6E%67%2B%4C%75%63%6B%79 >>>> >>>> -- oxagast >>>> _______________________________________________ >>>> Full-Disclosure - We believe in it. >>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >>> >>> >>> -- >>> HONEY: I want to… put some powder on my nose. >>> GEORGE: Martha, won’t you show her where we keep the euphemism? >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists