Full Disclosure mailing list archives

Re: Google Sacure (A. Jodoin)

From: alexandre jodoin <jodoin_alexandre () hotmail com>
Date: Fri, 26 Oct 2007 10:01:15 -0400

How can security companies protect us if they can't even configure their shit right?

 
More on that :

From their "Pen Test Whitepaper" on http://www.sacure.com/index.php

"The Web-based authentication is exploited by using XSS (cross-site shipping) or SLQ injection or MITM 
(Man-in-the-Middle) attacks."
 
WTF is cross-site shipping ???
:)
_________________________________________________________________
Are you ready for Windows Live Messenger Beta 8.5 ? Get the latest for free today!
http://entertainment.sympatico.msn.ca/WindowsLiveMessenger

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Google Sacure (A. Jodoin) alexandre jodoin (Oct 26)
- Re: Google Sacure (A. Jodoin) Michael Holstein (Oct 26)
- <Possible follow-ups>
- Re: Google Sacure (A. Jodoin) Juha-Matti Laurio (Oct 26)
- Re: Google Sacure (A. Jodoin) alexandre jodoin (Oct 26)