lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4E8F8BD7.2030302@oneechan.org>
Date: Fri, 07 Oct 2011 16:31:35 -0700
From: Laurelai <laurelai@...echan.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: LinkedIn_User Account Delete using Click
	jacking

On 10/7/2011 12:30 PM, xD 0x41 wrote:
> Hi,
> Another security expert... sheesh... and they cannot do simplest of 
> tasks, makes me wonder really how do they get anything atall coded, 
> but then again i doubt there is code... I bet theyre all some 
> persistent xss etc... wich would req some fuzz tool... well, 
> cewrtainly see better people like kcope who does not call himself any 
> senior security, yet has made many of remote exploits, and he posts 
> them in his <body> so, it should be i think put in the email-bdy, 
> responsibly that is.
> That would be good to have but since everyone company takes ITsec so 
> differently, i know MS and Google have great disclosure policies, but 
> this is supposed to be on theyre end, not ours... so i guess its 
> another good question.
> cheers
> xd
>
>
>
> On 8 October 2011 06:25, Peter Dawson <slash.pd@...il.com 
> <mailto:slash.pd@...il.com>> wrote:
>
>     if I get it right this dude is supposed to be "
>
>       * Senior Security Analyst at iViZ Techno Solutions Pvt. Ltd.
>         <http://www.linkedin.com/company/iviz-techno-solutions-pvt.-ltd.?trk=ppro_cprof>
>
>
>     Whatever happened  on protocol's for  responsible disclosure ?
>
>     On Fri, Oct 7, 2011 at 3:05 PM, xD 0x41 <secn3t@...il.com
>     <mailto:secn3t@...il.com>> wrote:
>
>         Screw you dude, attaching executable doc files , and then
>         pushing out a few *0days*
>         I wont be looking at *any* thing attached as a doc, thats just
>         common sense. nowdays, and there is abs NO need on this list
>         for it, it is FD, your meant to put it in the BODY of email,
>         or atleast maybe next time, change the type to linux 0day and
>         attach .S file... ??
>         screw u and ur advisorys, fix them into proper order asin
>         written as any would be, and ill read it, but never ask a dood
>         to open the attachment!
>
>
>
>
>         On 7 October 2011 22:48, asish agarwalla
>         <asishagarwalla@...il.com <mailto:asishagarwalla@...il.com>>
>         wrote:
>
>             Hi,
>
>             LinkedIn_User Account Delete using Click jacking.
>
>             This Vulnerability is accepted by LinkedIn they are in a
>             process to patched it but not yet patched.
>
>             Please find the document describing the vulnerability.
>
>             Regards
>             Asish
>
>             _______________________________________________
>             Full-Disclosure - We believe in it.
>             Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>             Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>         _______________________________________________
>         Full-Disclosure - We believe in it.
>         Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>         Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
The document appears to be password protected as well. Ive tried to open 
it in a VM and it prompts for a password.

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ