| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALx_OUAAJLwW76JSo1c-rFaApV9tiHU_w4jMmmFVatWomo75Rg@mail.gmail.com> Date: Sat, 10 Dec 2011 18:05:12 -0800 From: Michal Zalewski <lcamtuf@...edump.cx> To: Christian Sciberras <uuf6429@...il.com> Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>, bugtraq <bugtraq@...urityfocus.com> Subject: Re: silly PoCs continue: X-Frame-Options give you less than expected > Interesting stuff indeed. However, I don't see you talk about a solution. > Why is that? Because it's bugtraq / full-disclosure, where people generally talk about vulnerabilities... I'm not sure I follow your drift about Firefox, I don't believe it's mentioned anywhere. > Anyhow, correct me if I'm wrong, but this concept won't work when the > attacked site requires multiple user interaction, right? As in, the user > will notice something amiss the second time. Why? /mz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists