Message-ID: <4E8F8BD7.2030302@oneechan.org>
Date: Fri, 07 Oct 2011 16:31:35 -0700
From: Laurelai <laurelai@...echan.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: LinkedIn_User Account Delete using Click jacking

On 10/7/2011 12:30 PM, xD 0x41 wrote:
> Hi,
> Another security expert... sheesh... and they cannot do the simplest of
> tasks, makes me wonder really how do they get anything at all coded,
> but then again I doubt there is code... I bet they're all some
> persistent xss etc... which would req some fuzz tool... well,
> certainly see better people like kcope who does not call himself any
> senior security, yet has made many of remote exploits, and he posts
> them in his <body> so, it should be I think put in the email-body,
> responsibly that is.
> That would be good to have but since every company takes ITsec so
> differently, I know MS and Google have great disclosure policies, but
> this is supposed to be on their end, not ours... so I guess it's
> another good question.
> cheers
> xd
>
>
>
> On 8 October 2011 06:25, Peter Dawson <slash.pd@...il.com
> <mailto:slash.pd@...il.com>> wrote:
>
> if I get it right this dude is supposed to be "
>
> * Senior Security Analyst at iViZ Techno Solutions Pvt. Ltd.
> <http://www.linkedin.com/company/iviz-techno-solutions-pvt.-ltd.?trk=ppro_cprof>
>
>
> Whatever happened on protocols for responsible disclosure?
>
> On Fri, Oct 7, 2011 at 3:05 PM, xD 0x41 <secn3t@...il.com
> <mailto:secn3t@...il.com>> wrote:
>
> Screw you dude, attaching executable doc files, and then
> pushing out a few *0days*
> I won't be looking at *any* thing attached as a doc, that's just
> common sense nowadays, and there is abs NO need on this list
> for it, it is FD, you're meant to put it in the BODY of email,
> or at least maybe next time, change the type to linux 0day and
> attach .S file... ??
> screw u and ur advisories, fix them into proper order as in
> written as any would be, and I'll read it, but never ask a dood
> to open the attachment!
>
>
>
>
> On 7 October 2011 22:48, asish agarwalla
> <asishagarwalla@...il.com <mailto:asishagarwalla@...il.com>>
> wrote:
>
> Hi,
>
> LinkedIn_User Account Delete using Click jacking.
>
> This vulnerability is accepted by LinkedIn; they are in the
> process of patching it, but it is not yet patched.
>
> Please find the document describing the vulnerability.
>
> Regards
> Asish
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
The document appears to be password protected as well. I've tried to open
it in a VM and it prompts for a password.