WebApp Sec mailing list archives
Re: Watchfire Free Tools
From: Saqib Ali <docbook.xml () gmail com>
Date: Tue, 2 Aug 2005 22:40:24 -0700
well i am not even sure if watchfire wanted to prevent against leeching attacks. Maybe they wanted to allow people to d/l the application if they had the direct links. for e.g. Amazon's "Look Inside" feature uses static links. The links do not expire. So essentially if I can get links (which are static) to all the scanned images of the pages, I can read the whole book online. It is not because Amazon doesn't know how to automatically expire links, it is just that they wanted to give people the ability to go back and view the scanned images of the pages, at a later time, at their leisure.
The irony of companies that "play" at security and can't even protect their own sites from the same attacks they claim to protect others from. And please, no BS excuses, there is no download withour registering ! http://download.watchfire.com/powertools/Watchfire_PowerTools_1.0.33 _setup.exe
-- In Peace, Saqib Ali http://www.xml-dev.com/blog/
Current thread:
- Watchfire Free Tools watchfire_free_tools (Aug 02)
- Re: Watchfire Free Tools Paul Laudanski (Aug 02)
- Re: Watchfire Free Tools Rogan Dawes (Aug 03)
- Re: Watchfire Free Tools Tom Wells (Aug 03)
- Re: Watchfire Free Tools Saqib Ali (Aug 03)
- <Possible follow-ups>
- RE: Watchfire Free Tools Ronen Gottlib (Aug 03)
- Re: Watchfire Free Tools -kah.wee- (Aug 03)
- RE: Watchfire Free Tools Ory Segal (Aug 03)
- RE: Watchfire Free Tools Ory Segal (Aug 04)
- Re: Watchfire Free Tools Paul Laudanski (Aug 02)