Full Disclosure mailing list archives
Re: further to the XSS flaw in eEye by Valery Marchuk
From: "Valery Marchuk" <tecklord () argocom cv ua>
Date: Mon, 21 Aug 2006 23:00:13 +0300
There was XSS vulnerability previous time and lots of people saw that. eEye reacted really fast and fixed it during one working day and now Ross Brown denies the existence of that flaw. Interesting, how does eEye feel to be in Microsoft`s shoes?
I don`t think I`m the right person to explain you what really XSS means. If you think it`s not dangerous and your customers are safe - so be it. They are your customers - not mine. And you probably don`t have to fix this flaw :)
Responsible disclosure is definitely good stuff. If you wouldn`t deny the existence of previous vulnerability, this stuff would never go into the public :).
Have a nice day and keep your web site secure Valery----- Original Message ----- From: Alan Shimel
To: full-disclosure () lists grok org uk Sent: Monday, August 21, 2006 8:40 PMSubject: [Full-disclosure] further to the XSS flaw in eEye by Valerie Marchuk
I posted further today to the XSS flaw found in the eEye web site with quotes from the eEye CEO.
You can read it here: http://www.stillsecureafteralltheseyears.com/ashimmy/2006/08/but_if_doesnt_b.html
Would welcome comments on whether you think it is harmless or not? Alan StillSecure Alan Shimel Chief Strategy Officer O 303.381.3815 C 516.857.7409 F 303.381.3881 www.stillsecure.com The information transmitted is intended only for the person to whom it is addressed and may contain confidential material. Review or other use of this information by persons other than the intended recipient is prohibited. If you've received this in error, please contact the sender and delete from any computer. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: further to the XSS flaw in eEye by Valery Marchuk Valery Marchuk (Aug 21)