Full Disclosure mailing list archives
Re: Cross Site Hacking Browser Injection Attack Vulnerability Paradigms
From: <full-disclosure () mac hush com>
Date: Sat, 20 Oct 2007 15:48:29 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 lol what a blonde i forgot my citations one second [1] http://www.gnucitizen.org [2] http://pax.grsecurity.net Thanks! On Sat, 20 Oct 2007 15:46:36 -0400 full-disclosure () mac hush com wrote:
Hello friends, I am a PhD student writing my dissertation on cross site scripting related attacks, which I have learned is the true Achilles heel of Intraweb exploration technologies. One detail I am unable to find with the assistance of the Internet Wayback machine is when and what browsers first introduced these vulnerabilities. So, 1) What browser was first vulnerable to these attacks, 2) Who was the responsible developer, 3) How was this vulnerable mechanism replicated across all modern browsers, 4) Instead of patching individual XSS problems in random web-based piano tuning software, why aren't the serious security researchers[1] of this list working to develop better technologies to block the entire vulnerability class, like the PaX/w^x team has done[2], to raise the ante for computer security list posters around the world? Thanks for your help in advance.
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkcaW40ACgkQqTTbVuUWvbIJCQP/V1jGj8znRU91cQc1gdWR1geWuHhe A9hC5dvqDtmLGrk7JvY4LHgZ55Ojv95tW+renUMKIX5+UiDveVZ5mo/xX4d0yERCqfWd 1FuAhYrtgbvDL+kSqmvV5sybp57XQDHterOcf75fputd2rALDzDUKVfNE1rMqFdlEQOt NKmij48= =6Q4d -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Cross Site Hacking Browser Injection Attack Vulnerability Paradigms full-disclosure (Oct 20)
- Re: Cross Site Hacking Browser Injection Attack Vulnerability Paradigms phioust (Oct 20)
- Re: Cross Site Hacking Browser Injection Attack Vulnerability Paradigms Valdis . Kletnieks (Oct 20)
- <Possible follow-ups>
- Re: Cross Site Hacking Browser Injection Attack Vulnerability Paradigms full-disclosure (Oct 20)