I think this demonstrates that the web design people haven't a clue about security. They're opening up their webserver to all sorts of potential expliots. If he can get some simple javascript to run then maybe other people can also do more sophisticated stuff.
Also, if they're that lax about security on their own machines, even their externally facing machines, then what does that say about the products they sell? They're supposed to be in the software business and stress in their marketing campaigns that their top concern is now security.
Is is hypocrisy or is it incompetence?
</opinion>
_________________________________________________________________
Use MSN Messenger to send music and pics to your friends http://www.msn.co.uk/messenger
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
