Full Disclosure mailing list archives

Re: www.dia.mil

From: Adrian P. <unknown.pentester () gmail com>
Date: Wed, 29 Oct 2008 10:02:20 +0000

Welcome to the web! 

1 website = content retrieved from dozens/hundreds of sites. Much more than what the browser's address bar shows ;)

Think of ad banners, analytics JS ("legit" spyware), static content served from high-speed embedded httpds, etc ...

And yes, there are security implications to this design problem.


-----Original Message-----
From: Valdis.Kletnieks () vt edu
Sent: 27 October 2008 17:22
To: Razi Shaban <razishaban () gmail com>
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] www.dia.mil

On Mon, 27 Oct 2008 21:07:46 +0400, Razi Shaban said:

On Mon, Oct 27, 2008 at 7:59 PM, Bipin Gautam <bipin.gautam () gmail com> wrote:


A picture is worth a thousand words.

But whats so wrong about it?

:P



So what?


A US intelligence agency is basically betting the bank that statcounter.com,
a company apparently based in Ireland, doesn't get pwned or subverted.

Does that give you warm-n-fuzzies?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: www.dia.mil, (continued)
- - Re: www.dia.mil Gary E. Miller (Oct 27)
  - Re: www.dia.mil Valdis . Kletnieks (Oct 27)
    - Re: www.dia.mil Razi Shaban (Oct 27)
    - Re: www.dia.mil Valdis . Kletnieks (Oct 27)
    - Re: www.dia.mil Bipin Gautam (Oct 27)
    - Re: www.dia.mil Gary E. Miller (Oct 27)
    - Re: www.dia.mil Bipin Gautam (Oct 27)
    - Re: www.dia.mil Jorrit Kronjee (Oct 30)
    - Re: www.dia.mil nocfed (Oct 30)
- Re: www.dia.mil Big R (Oct 27)
- Re: www.dia.mil Adrian P . (Oct 29)
  - Re: www.dia.mil Viktor Larionov (Oct 29)