| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 05 Feb 2014 15:13:31 -0500 From: "Randal T. Rioux" <randy@...cyonlabs.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration On 2/4/2014 6:36 PM, Mark Litchfield wrote: > On 2/4/2014 3:13 PM, security curmudgeon wrote: >> : > This is not the behavior of the site as of 48 hours ago. >> >> : Let me check. Normal registration should also be available ? Infact I >> : will remove the registration. >> : >> : The purpose of this whole registration in the first place was to allow >> : for future postings I am going to make later this week that would only >> : be available to registered users. Not necessarily vulnerabilities, but >> : useful "stuff" for pentesting. Also all registered users would be >> given >> : a 48 hours head start on any new vulnerabilities that I post in the >> : future. >> >> Which is great, but I strongly recommend you allow a site-specific >> registration for such purposes. Giving up one of the two dominant social >> media accounts for it is excessive. > I should add, I am all for constructive criticism. But a public forum > is not really the place. Feel free to email me directly. Yes, it is. This is a security forum. Your authentication mechanism is a major security issue. The damn thing should get its own CVE. Think about it and you'll see the point. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists