Full Disclosure mailing list archives
Re: Predefined Post Authentication Session ID Vulnerability
From: Григорий Братислава <musntlive () gmail com>
Date: Fri, 13 Jul 2012 16:37:38 -0400
On Fri, Jul 13, 2012 at 7:23 AM, Gokhan Muharremoglu <gokhan.muharremoglu () iosec org> wrote:
Ok. It seems i have to explain this vulnerability's effects with another scenario. This is a real life scenario and i wrote it in a Turkish article for National Information Security Portal which is run by TUBITAK. Article in Turkish with scenario => http://www.iosec.org/oturum_oncesi_tanimli_cerez.pdf I will explain it in English now. There are KIOSK/Terminal machines at bank branches in Turkey. Customers can reach to the regular Internet banking applicaton from here.
This is real life common sense is answer. "So you walk into a bank" are you is serious? Is most stupid example than Security Chicken Tim. I am is walk into bank to do this stupidity while I am on is camera? Where are you is new 10 year and is under experience security freaks come is from? Hello Full Disclosure!! !! !! Is like to warn you about is robbing banks without is mask and waving to camera pizda _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Predefined Post Authentication Session ID Vulnerability, (continued)
- Re: Predefined Post Authentication Session ID Vulnerability Gage Bystrom (Jul 13)
- Re: Predefined Post Authentication Session ID Vulnerability Григорий Братислава (Jul 13)
- Re: Predefined Post Authentication Session ID Vulnerability Григорий Братислава (Jul 13)
- Re: Predefined Post Authentication Session ID Vulnerability Douglas Huff (Jul 16)
- Re: Predefined Post Authentication Session ID Vulnerability Douglas Huff (Jul 16)
- Re: Predefined Post Authentication Session ID Vulnerability Gage Bystrom (Jul 13)
- Re: Predefined Post Authentication Session ID Vulnerability Tim (Jul 13)
- Re: Predefined Post Authentication Session ID Vulnerability Douglas Huff (Jul 16)
- Re: Predefined Post Authentication Session ID Vulnerability Gokhan Muharremoglu (Jul 13)
- Re: Predefined Post Authentication Session ID Vulnerability Gökhan Muharremoglu (Jul 13)
- Re: Predefined Post Authentication Session ID Vulnerability Григорий Братислава (Jul 13)
- Message not available
- Re: Predefined Post Authentication Session ID Vulnerability Gokhan Muharremoglu (Jul 13)