| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTim6v5Hx-_W59Y6pFqV5Mar7j5756rJktxtdoTPf@mail.gmail.com> Date: Fri, 1 Apr 2011 09:17:25 +0100 From: Benji <me@...ji.com> To: matador matador <m4t4d00r@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: itunes.apple.com owned by webapp malicious host No they don't. All your link implies is that either a) someone compromised the itunes account associated with that band and added the script, or b) it was injected into place. However at no point is the javascript executed. Sigh, do you have a CSSIP aswell? On 4/1/11, matador matador <m4t4d00r@...il.com> wrote: > Seems that Websense agree with me... > > http://community.websense.com/blogs/securitylabs/archive/2011/03/29/lizamoon-mass-injection-28000-urls-including-itunes.aspx > > ... or better they copy and paste my trivial link ... LOL! :))) > > 2011/3/29 Cal Leeming <cal@...whisper.co.uk> > >> Unconfirmed, seems to escape fine for me. >> >> On Tue, Mar 29, 2011 at 3:22 PM, matador matador >> <m4t4d00r@...il.com>wrote: >> >>> Enjoy! :) >>> >>> http://www.google.com/search?q=lizamoon.com+site%3Aapple.com >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> >> > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists