| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTinpZjQ0OJThC2grfxgsUxBBWfWgQJ8yYtM9tqa5@mail.gmail.com> Date: Thu, 24 Feb 2011 18:49:51 -0800 From: Dan Kaminsky <dan@...para.com> To: Security Conscious <securityconsciousguy@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Why should the presence of shebang (#!) freak out ANY security conscious guy? It's change. And change is scary. (Seriously, nothing wrong with hashbang, except perhaps a slightly increased risk of CSRF from people forgetting, yes, the web's broken session management is still broken even with client side JS page assembly.) On Wed, Feb 23, 2011 at 2:51 PM, Security Conscious <securityconsciousguy@...il.com> wrote: > Could someone please have a look at these twitter posts: > http://twitter.com/#!/achitnis/status/40444144992260096 > http://twitter.com/#!/achitnis/status/40447225658228736 > http://twitter.com/#!/achitnis/status/40450742326140928 > and explain why the presence of #! in URLs would freak out ANY security > conscious guy? > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists