Full Disclosure mailing list archives
On the vulnerabilities of web services
From: "Fabio Pietrosanti (naif)" <lists () infosecurity ch>
Date: Tue, 24 Jul 2007 11:59:40 +0200
I have no time to write a detailed post on the issues related to the guys that are recently releasing bugs of web services.

I would like someone to analyze the implications, differences in terms of community advantages, people risks, technology enhancements related to the disclosure of vulnerabilities of web services (misc websites of railways, internet providers, public agencies, search engines and webmails) VS the disclosure of vulnerabilities in standalone pieces of software.

I don't like the public disclosure of XSSs and SQL Injections (and stuff like that) on third party web sites, I don't consider it useful for anyone, too risky for the 'researcher' and too risky for the third party websites.

Only in July there was a storm of fucking website vulnerability announcements:

- http://seclists.org/fulldisclosure/2007/Jul/0457.html TRENITALIA.COM
- http://seclists.org/fulldisclosure/2007/Jul/0460.html STATCOUNTER.COM
- http://seclists.org/fulldisclosure/2007/Jul/0437.html ACTUAL TESTS
- http://seclists.org/fulldisclosure/2007/Jul/0296.html ORKUT
- http://seclists.org/fulldisclosure/2007/Jul/0187.html Wachovia Bank
- http://seclists.org/fulldisclosure/2007/Jul/0035.html blinzzard.com
- http://seclists.org/fulldisclosure/2007/Jul/0036.html WORLDOFWARCRAFT.COM

Hey guys, do you feel yourself cooler than before, now?

-naif