Date: Sat, 15 Mar 2014 11:36:14 -0700
From: "T Imbrahim" <TImbrahim@...hemail.com>
To: "Michal Zalewski" <lcamtuf@...edump.cx>
Cc: full-disclosure@...ts.grok.org.uk, pr0ix@...oo.co.uk
Subject: Re: Fwd: Google vulnerabilities with PoC

Is this treated with the same way that says that Remote File Inclusion is not a security issue?

You don't follow? Implying?

I understand why nobody likes Google. If I've found a vulnerability and been treated like that for trying to help, I would rather sell it to the black market or to some government. The NSA maybe is happy to buy a RFI on Google, I'm sure they could make good use of that.

Google is very deceptive in security matters.

--- lcamtuf@...edump.cx wrote:

From: Michal Zalewski <lcamtuf@...edump.cx>
To: TImbrahim@...hemail.com
Cc: pr0ix@...oo.co.uk, full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
Date: Sat, 15 Mar 2014 10:59:40 -0700

> A hacker exploits a JSON (javascript) object that has information of
> interest for example holding some values for cookies. A lot of times that
> exploits the same policy origin. The JSON object returned from a server can
> be forged overwriting javascript function that create the object. This
> happens because of the same origin policy problem in browsers that cannot
> say if js execution is different for two different sites.

To be honest, I'm not sure I follow, but I'm fairly confident that my original point stands. If you believe that well-formed JSON objects without padding can be read across origins within the browser, I would love to see more information about that.

(In this particular case, it still wouldn't matter because the response doesn't contain secrets, but it would certainly break a good chunk of the Internet.)

JSONP is a different animal.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/