| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Jul 2010 10:32:47 -0700 From: Chris Evans <scarybeasts@...il.com> To: Juan Galiana <jgaliana@...il.com> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Google auto redirect On Wed, Jul 14, 2010 at 10:19 AM, Juan Galiana <jgaliana@...il.com> wrote: > In fact, open redirect is considered a vulnerability commonly involved in > phishing attacks. .... by people who have a cursory but non-thorough understanding of security. http://scarybeastsecurity.blogspot.com/ To be fair, it is an area of some subtlety involving what browsers do and do not guarantee in terms of security indicators; and more importantly, misconceptions around capabilities and mindset of the less-technical end users that we as a community are trying to protect. Cheers Chris > > http://www.owasp.org/index.php/Open_redirect > > On Wed, Jul 14, 2010 at 6:03 PM, Mario Vilas <mvilas@...il.com> wrote: >> >> did you actually try the link? cause it worked for me... >> >> On Wed, Jul 14, 2010 at 12:14 PM, McGhee, Eddie <Eddie.McGhee@....com> >> wrote: >>> >>> come on what's funny about encoding a url? you don't see this as >>> a vuln????? REALLY???? geez peace... >>> ________________________________ >>> From: full-disclosure-bounces@...ts.grok.org.uk >>> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Marshall >>> Whittaker >>> Sent: 13 July 2010 21:17 >>> To: full-disclosure@...ts.grok.org.uk >>> Subject: [Full-disclosure] Google auto redirect >>> >>> I don't really consider this a vulnerability, but it's funny. >>> >>> >>> http://www.google.com/search?q=%79%61%68%6F%6F&ie=ISO-8859-1&source=hp&hl=en&btnI=I%26%2339;%69%6D%2B%46%65%65%6C%69%6E%67%2B%4C%75%63%6B%79 >>> >>> -- oxagast >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> >> -- >> HONEY: I want to… put some powder on my nose. >> GEORGE: Martha, won’t you show her where we keep the euphemism? >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists