Full Disclosure mailing list archives
Re: RCSR fun: stealing FF passwords the easy way
From: Stefan Esser <sesser () hardened-php net>
Date: Sat, 25 Nov 2006 13:49:48 +0100 (MET)
Sorry to disappoint you but this RCSR is nothing else than the usual Web Application Security Hype that happens when one of the big Web2.0 websites that does something really stupid is hit by old stuff. The "new vulnerability" discovered in Firefox was already described in 2005 in Web Application Security talks and is already covered in atleast one german PHP Security Book from 2005. Stefan Esser pagvac schrieb:
FYI, it appears this issue was reported way back in August 2006 by RSnake: http://ha.ckers.org/blog/20061122/programmatic-password-theft-is-back/ On 11/24/06, pagvac <unknown.pentester () gmail com> wrote:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RCSR fun: stealing FF passwords the easy way pagvac (Nov 24)
- Re: RCSR fun: stealing FF passwords the easy way pagvac (Nov 25)
- Re: RCSR fun: stealing FF passwords the easy way Stefan Esser (Nov 25)
- Re: RCSR fun: stealing FF passwords the easy way pagvac (Nov 25)