Vulnerability Development mailing list archives

RE: Developerstore.com expose critical customer info


From: "Mark Curphey" <mark () curphey com>
Date: Sun, 13 Jan 2002 17:55:22 -0800

Nothing sinister, this really was just a case of bad timing.

Sleuth was just a proof of concept and the brainchild of one person (Dave
Zimmer). It was designed to be an interactive web browser that exposed some
HTTP. As things got underway at OWASP, we have determined we need (and have
been asked by the community) to build a more automated open source web
application security testing tool that is cross platform. As such it is
likely to be built in Java and will be able to test all issues identified in
the OWASP ASAC project (http://www.owasp.org/projects/asac/), like
canonicalization for instance. It will also support testing against the
requirements project and will support the testing framework, projects both
only just started. This is likely to be at least six months away.

To try and morph Sleuth into such a package would be like trying to convert
a 4x4 into a sports car, so we all decided it would be best to keep Sleuth
doing what it was designed to do and start from scratch with the new project
so that we have a clean robust foundation to build upon.

Sleuth and the plugins are all back at Dave Zimmer's site
(http://geocities.com/dzzie/sleuth)

-----Original Message-----
From: shawn merdinger [mailto:dinger () gslis utexas edu]
Sent: Sunday, January 13, 2002 5:40 PM
Cc: vuln-dev () securityfocus com; webappsec () securityfocus com
Subject: Re: Developerstore.com expose critical customer info


Looks like it's still on the Russian mirror:

<http://SecurityLab.ru/_Tools/websleuthInstaller-1.1.2.zip>

-scm


On Sat, 12 Jan 2002, Jeremiah Grossman wrote:

WebSleuth was removed from OWASP because of this incident?
Can someone "in the know" shed some light on this and explain
if there is any truth to this.... (how does one relate to the other?)

I did confirm the URL where WebSleuth was available from:
http://www.owasp.org/resources/tools/index.shtml
does indeed have it taken down... citing:

"This site is temporarily down for maintenance, please check back later"



Jeremiah Grossman



c c wrote:

It seems that the post caused some undesired effects
(Websleuth removed from OWASP, etc.), I'm really sorry,
it was not my intention.



