Re: [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

["Randal T. Rioux" <randy () procyonlabs com>]

On 2/4/2014 6:36 PM, Mark Litchfield wrote:
> On 2/4/2014 3:13 PM, security curmudgeon wrote:
> > : > This is not the behavior of the site as of 48 hours ago.
> >
> > : Let me check.  Normal registration should also be available ? Infact I
> > : will remove the registration.
> > :
> > : The purpose of this whole registration in the first place was to allow
> > : for future postings I am going to make later this week that would only
> > : be available to registered users.  Not necessarily vulnerabilities, but
> > : useful "stuff" for pentesting.  Also all registered users would be
> > given
> > : a 48 hours head start on any new vulnerabilities that I post in the
> > : future.
> >
> > Which is great, but I strongly recommend you allow a site-specific
> > registration for such purposes. Giving up one of the two dominant social
> > media accounts for it is excessive.

> I should add, I am all for constructive criticism.  But a public forum
> is not really the place.  Feel free to email me directly.

Yes, it is. This is a security forum. Your authentication mechanism is a
major security issue.

The damn thing should get its own CVE.

Think about it and you'll see the point.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/