| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTikTzXSBLPZT1dJXb+hTdFnRLxOc9fZr6fgKv_mh@mail.gmail.com> Date: Sat, 18 Dec 2010 12:53:13 -0500 From: Jeffrey Walton <noloader@...il.com> To: Maciej Gojny <vuln@...ko-security.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: adobe.com important subdomain SQL injection again! On Sat, Dec 18, 2010 at 11:58 AM, Maciej Gojny <vuln@...ko-security.com> wrote: > hello full disclosure! > > After six months from the first contact with Adobe security team,  important > adobe.com subdomain is still vulnerable to SQL injection attacks. We hope > that this time, serious people will try to solve the problem. There's a reason Adobe is the most attacked software [1,2], and its probably because they write the most vulnerable software (or adversaries are looking for a challenge, which seems less intuitive and highly unlikely to me). It appears "insecurity" is an enterprise wide practice, and not just limited to their software. Jeff [1] "Adobe surpasses Microsoft as favorite hacker’s target" (Jul 2009) http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/ [2] "Adobe predicted as top 2010 hacker target" (Dec 2009) http://www.theregister.co.uk/2009/12/29/security_predictions_2010/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists