Full Disclosure mailing list archives

Re: Google Sacure (A. Jodoin)

From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 26 Oct 2007 20:14:16 +0300 (EEST)

When typing these words _shipp_ing and script_ing_ these keys aren't even near each other on the keyboard... :)
 
- Juha-Matti

alexandre jodoin <jodoin_alexandre () hotmail com> wrote:

How can security companies protect us if they can't even configure their shit right?

 
More on that :

From their "Pen Test Whitepaper" on http://www.sacure.com/index.php

"The Web-based authentication is exploited by using XSS (cross-site shipping) or SLQ injection or MITM 
(Man-in-the-Middle) attacks."
 
WTF is cross-site shipping ???
:)
_________________________________________________________________
Are you ready for Windows Live Messenger Beta 8.5 ? Get the latest for free today!
http://entertainment.sympatico.msn.ca/WindowsLiveMessenger


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Google Sacure (A. Jodoin) alexandre jodoin (Oct 26)
- Re: Google Sacure (A. Jodoin) Michael Holstein (Oct 26)
- <Possible follow-ups>
- Re: Google Sacure (A. Jodoin) Juha-Matti Laurio (Oct 26)
- Re: Google Sacure (A. Jodoin) alexandre jodoin (Oct 26)