Re: [Full-disclosure] Google auto redirect
come on what's funny about encoding a url? you don't see this as a vuln? REALLY geez peace... From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Marshall Whittaker Sent: 13 July 2010 21:17 To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Google auto redirect I don't really consider this a vulnerability, but it's funny. http://www.google.com/search?q=%79%61%68%6F%6Fie=ISO-8859-1source=hphl=enbtnI=I%26%2339;%69%6D%2B%46%65%65%6C%69%6E%67%2B%4C%75%63%6B%79 -- oxagast ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Google auto redirect
did you actually try the link? cause it worked for me... On Wed, Jul 14, 2010 at 12:14 PM, McGhee, Eddie eddie.mcg...@ncr.comwrote: come on what's funny about encoding a url? you don't see this as a vuln? REALLY geez peace... -- *From:* full-disclosure-boun...@lists.grok.org.uk [mailto: full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Marshall Whittaker *Sent:* 13 July 2010 21:17 *To:* full-disclosure@lists.grok.org.uk *Subject:* [Full-disclosure] Google auto redirect I don't really consider this a vulnerability, but it's funny. http://www.google.com/search?q=%79%61%68%6F%6Fie=ISO-8859-1source=hphl=enbtnI=I%26%2339;%69%6D%2B%46%65%65%6C%69%6E%67%2B%4C%75%63%6B%79 -- oxagast ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- HONEY: I want to… put some powder on my nose. GEORGE: Martha, won’t you show her where we keep the euphemism? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Google auto redirect
In fact, open redirect is considered a vulnerability commonly involved in phishing attacks. http://www.owasp.org/index.php/Open_redirect On Wed, Jul 14, 2010 at 6:03 PM, Mario Vilas mvi...@gmail.com wrote: did you actually try the link? cause it worked for me... On Wed, Jul 14, 2010 at 12:14 PM, McGhee, Eddie eddie.mcg...@ncr.comwrote: come on what's funny about encoding a url? you don't see this as a vuln? REALLY geez peace... -- *From:* full-disclosure-boun...@lists.grok.org.uk [mailto: full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Marshall Whittaker *Sent:* 13 July 2010 21:17 *To:* full-disclosure@lists.grok.org.uk *Subject:* [Full-disclosure] Google auto redirect I don't really consider this a vulnerability, but it's funny. http://www.google.com/search?q=%79%61%68%6F%6Fie=ISO-8859-1source=hphl=enbtnI=I%26%2339;%69%6D%2B%46%65%65%6C%69%6E%67%2B%4C%75%63%6B%79 -- oxagast ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- HONEY: I want to… put some powder on my nose. GEORGE: Martha, won’t you show her where we keep the euphemism? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Google auto redirect
On Wed, Jul 14, 2010 at 10:19 AM, Juan Galiana jgali...@gmail.com wrote: In fact, open redirect is considered a vulnerability commonly involved in phishing attacks. by people who have a cursory but non-thorough understanding of security. http://scarybeastsecurity.blogspot.com/ To be fair, it is an area of some subtlety involving what browsers do and do not guarantee in terms of security indicators; and more importantly, misconceptions around capabilities and mindset of the less-technical end users that we as a community are trying to protect. Cheers Chris http://www.owasp.org/index.php/Open_redirect On Wed, Jul 14, 2010 at 6:03 PM, Mario Vilas mvi...@gmail.com wrote: did you actually try the link? cause it worked for me... On Wed, Jul 14, 2010 at 12:14 PM, McGhee, Eddie eddie.mcg...@ncr.com wrote: come on what's funny about encoding a url? you don't see this as a vuln? REALLY geez peace... From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Marshall Whittaker Sent: 13 July 2010 21:17 To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Google auto redirect I don't really consider this a vulnerability, but it's funny. http://www.google.com/search?q=%79%61%68%6F%6Fie=ISO-8859-1source=hphl=enbtnI=I%26%2339;%69%6D%2B%46%65%65%6C%69%6E%67%2B%4C%75%63%6B%79 -- oxagast ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- HONEY: I want to… put some powder on my nose. GEORGE: Martha, won’t you show her where we keep the euphemism? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Google auto redirect
On Wed, Jul 14, 2010 at 10:32 AM, Chris Evans scarybea...@gmail.com wrote: On Wed, Jul 14, 2010 at 10:19 AM, Juan Galiana jgali...@gmail.com wrote: In fact, open redirect is considered a vulnerability commonly involved in phishing attacks. by people who have a cursory but non-thorough understanding of security. http://scarybeastsecurity.blogspot.com/ Oops, the long-term link is: http://scarybeastsecurity.blogspot.com/2010/06/open-redirectors-some-sanity.html Cheers Chris To be fair, it is an area of some subtlety involving what browsers do and do not guarantee in terms of security indicators; and more importantly, misconceptions around capabilities and mindset of the less-technical end users that we as a community are trying to protect. Cheers Chris http://www.owasp.org/index.php/Open_redirect On Wed, Jul 14, 2010 at 6:03 PM, Mario Vilas mvi...@gmail.com wrote: did you actually try the link? cause it worked for me... On Wed, Jul 14, 2010 at 12:14 PM, McGhee, Eddie eddie.mcg...@ncr.com wrote: come on what's funny about encoding a url? you don't see this as a vuln? REALLY geez peace... From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Marshall Whittaker Sent: 13 July 2010 21:17 To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Google auto redirect I don't really consider this a vulnerability, but it's funny. http://www.google.com/search?q=%79%61%68%6F%6Fie=ISO-8859-1source=hphl=enbtnI=I%26%2339;%69%6D%2B%46%65%65%6C%69%6E%67%2B%4C%75%63%6B%79 -- oxagast ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- HONEY: I want to… put some powder on my nose. GEORGE: Martha, won’t you show her where we keep the euphemism? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Google auto redirect
sure you've probably all already worked this out, but if not * search?q=%79%61%68%6F%6F* searches for yahoo and * btnI=I%26%2339;%69%6D%2B%46%65%65%6C%69%6E%67%2B%4C%75%63%6B%79* tells google you're feeling lucky. safe. On Wed, Jul 14, 2010 at 10:14 AM, McGhee, Eddie eddie.mcg...@ncr.comwrote: come on what's funny about encoding a url? you don't see this as a vuln? REALLY geez peace... -- *From:* full-disclosure-boun...@lists.grok.org.uk [mailto: full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Marshall Whittaker *Sent:* 13 July 2010 21:17 *To:* full-disclosure@lists.grok.org.uk *Subject:* [Full-disclosure] Google auto redirect I don't really consider this a vulnerability, but it's funny. http://www.google.com/search?q=%79%61%68%6F%6Fie=ISO-8859-1source=hphl=enbtnI=I%26%2339;%69%6D%2B%46%65%65%6C%69%6E%67%2B%4C%75%63%6B%79 -- oxagast ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Google auto redirect
I don't really consider this a vulnerability, but it's funny. http://www.google.com/search?q=%79%61%68%6F%6Fie=ISO-8859-1source=hphl=enbtnI=I%26%2339;%69%6D%2B%46%65%65%6C%69%6E%67%2B%4C%75%63%6B%79 -- oxagast ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/