XSS Vulnerabilities at Sun, IBM, Verisign, AOL, F-Secure, eEye

["Valery Marchuk" <tecklord () argocom cv ua>]

Why world's leading security companies don't take care of their security? 

I`ve published some of XSS vulnerabilities in my blog and forwarded them to full-disclosure. But it seems like leading 
security companies don`t even think of fixing these bugs. Cisco, Microsoft, Symantec, NSA, F-Secure, AOL, Sun, IBM, 
eEye still have vulnerabilities in their web sites. Is there any chance to protect ourselves from this threat? How can 
we trust these companies, if their web sites may allow hackers to compromise our computers and get access to our bank 
accounts?



Demostration exploit of XSS vulnerability at Verisign is availabe at http://www.securitylab.ru/verisign.php



Other vulnerabilities cat be found at http://www.securitylab.ru/blog/tecklord/?category=19



Have a nice day,

Valery




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/