Re: [Full-disclosure] xss problems

2006-12-26 Thread Deepan
On Tue, 2006-12-26 at 15:17 +0800, Deepan wrote: > Hi All, > The following sites have XSS problems > > 1) http://chennaionline.com/search/ ( the first search box ) > > The user input for search is later displayed in the result page. No > filtering is done to remove JavaScript in the query.
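The reflected-XSS pattern described in the post above, as an added illustration that is not code from the message or from the site it names: a search term interpolated straight into the result page, beside the same page with the term HTML-escaped, plus the check a tester runs on a captured response. The probe string, the page layout and the sample hits are constructed for the demo.

```ruby
require 'cgi'

# Constructed probe for the demo: a harmless marker script. It is not a
# payload taken from the message above or observed on the site it names.
PROBE = '<script>alert(document.cookie)</script>'

# Vulnerable pattern: the search term goes into the result page verbatim,
# so any markup in the query becomes markup in the response.
def render_results_vulnerable(query, hits = [])
  items = hits.map { |h| "<li>#{h}</li>" }.join
  "<h1>Results for #{query}</h1><ul>#{items}</ul>"
end

# Hardened pattern: escape untrusted text at the point it is written into
# an HTML text node. CGI.escapeHTML rewrites & < > " ' to entities, which
# is the right encoding for this context (attribute values, URLs and
# script blocks each need their own encoding, not shown here).
def render_results_safe(query, hits = [])
  items = hits.map { |h| "<li>#{CGI.escapeHTML(h)}</li>" }.join
  "<h1>Results for #{CGI.escapeHTML(query)}</h1><ul>#{items}</ul>"
end

# The check a tester runs on a captured response: is the probe present
# byte-for-byte, i.e. reflected without any encoding?
def reflects_unescaped?(html, probe = PROBE)
  html.include?(probe)
end

if __FILE__ == $PROGRAM_NAME
  hits = ['Chennai weather', 'Chennai <b>news</b>']   # constructed sample hits
  vulnerable = render_results_vulnerable(PROBE, hits)
  safe       = render_results_safe(PROBE, hits)
  puts vulnerable
  puts "vulnerable page reflects probe: #{reflects_unescaped?(vulnerable)}"
  puts safe
  puts "hardened page reflects probe:   #{reflects_unescaped?(safe)}"
end
```

Note that the hardened renderer escapes the hits as well as the query: anything that came from outside the application is treated as text, not markup, and the same rule would have to be applied at every other place the search term is echoed (page title, "did you mean" links, logs shown to admins).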

[Full-disclosure] AppleScript: Even easier than VBS?

2006-12-26 Thread kf_lists
http://blog.info-pull.com/2006/12/26/applescript-even-easier-than-vbs-i/ -KF ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] SACURE IS A REAL COMPANY!

2006-12-26 Thread Todd Michael Cohan
Response from CEO regarding 12.22.06 posting. Please note that as of September 29, 2006, Jeff Bernstein was no longer employed by Sacure Corporation. Any concerns or problems that you may have had with Mr. Bernstein during his employment at Sacure, please feel free to contact me directly to dis

[Full-disclosure] Sacure Enterprise Security - Real Company!

2006-12-26 Thread auto475758
I am a CTO of a large company in NYC and have been very satisfied with Sacure Enterprise Security www.sacure.com and the staff. They were responsive, professional and credible. Initially, Jeff fed me the same lines but he was apparently fired (sometime over the summer), and the President cont

[Full-disclosure] Vista RDP bug?

2006-12-26 Thread /dev/null
This is from Digg: http://www.digg.com/security/Flaws_Detected_in_Microsoft_s_Vista#c4423646 Can anyone reproduce this? Cheers, /ex. http://www.email.si/

Re: [Full-disclosure] [WEB SECURITY] Re: comparing information security to other industries

2006-12-26 Thread coderman
On 12/25/06, Andre Gironda <[EMAIL PROTECTED]> wrote: > ... > how about never? http://www.cs.columbia.edu/~smb/papers/acm-predict.pdf > > it is quite likely that the implications of risk in information > security are something we just have to live with for our lifetimes and > probably our children's

[Full-disclosure] FW: Vista RDP bug?

2006-12-26 Thread Larry Seltzer
>>http://www.digg.com/security/Flaws_Detected_in_Microsoft_s_Vista#c4423646 [[People are going to be surprised how buggy Vista is when they use it for a good solid 3 months. I've been using Vista in my own machine at work, and it's just horrible. Besides the compatibility problems, a lot of things a

Re: [Full-disclosure] Sacure Enterprise Security - Real Company!

2006-12-26 Thread K F (lists)
Sheesh... funny that this chump said he was in with the individual that single handedly started the HP / DMCA fiasco. Since that person is most likely ME (or a former employee of mine) and I have never heard of this guy I got a good belly laugh out of this. So Jeff... do me a favor buddy... keep

Re: [Full-disclosure] emergent security properties

2006-12-26 Thread Pavel Kankovsky
On Mon, 18 Dec 2006, Nguyen Pham wrote: > The problem is that I can hardly find out some real examples in the > field of network security in terms of sub-networks, firewalls, servers, > applications, etc. with their corresponding security properties. A trivial emergent loss of security: You have

Re: [Full-disclosure] [WEB SECURITY] Re: comparing information security to other industries

2006-12-26 Thread Krainium
On Tuesday 26 December 2006 14:02, coderman wrote: > the vast majority of software developed does not pursue even trivial > security assurances. > look at the month of kernel bugs to see how common and trivial > validations are ignored in critical kernel interfaces to file systems > and device

Re: [Full-disclosure] emergent security properties

2006-12-26 Thread coderman
On 12/26/06, Pavel Kankovsky <[EMAIL PROTECTED]> wrote: > ... > I am afraid it will be pretty difficult to find an example where the > security increases with complexity. Perhaps some Byzantine > "security-breach tolerant" systems? the only example that comes to mind is distributed / collaborative

Re: [Full-disclosure] emergent security properties

2006-12-26 Thread Roland Dobbins
On Dec 26, 2006, at 4:19 PM, coderman wrote: > the only example that comes to mind is distributed / collaborative > anomaly detection systems which become more robust with a larger > number of entities and interactions to observe. While scale introduced complexity in terms of opex and maintenanc

Re: [Full-disclosure] SQID v0.2 - SQL Injection Digger.

2006-12-26 Thread icecoldeuro
So - hypothetically - the first result of the sample run at sqid.rubyforge.org would only yield a Microsoft OLE DB provider error (Unclosed quotation mark before the character string). Now, granted, this is bad practice if they can't trap their errors, but I also don't see how this constitutes pr
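The distinction the poster draws, a leaked OLE DB error versus demonstrated injection, can be made concrete. The following is an added example, not SQID's code, and it talks to no real site: it scans a response body for the "Unclosed quotation mark" message quoted above (plus a few other well-known engine error strings added for breadth), then runs the usual single-quote / doubled-quote comparison against a constructed stand-in for a web application. FAKE_SITE and TRAPPED_SITE are made up for the demo, and their odd-quote-count rule is a crude imitation of a SQL parser, not real SQL.

```ruby
# Error strings a digger like SQID keys on. The first is the Microsoft
# OLE DB message mentioned in the thread; the rest are well-known messages
# from other engines, added here for breadth.
SQL_ERROR_SIGNATURES = {
  /Unclosed quotation mark before the character string/i => 'Microsoft SQL Server via OLE DB',
  /You have an error in your SQL syntax/i                 => 'MySQL',
  /unterminated quoted string at or near/i                => 'PostgreSQL',
  /\bORA-\d{5}\b/                                         => 'Oracle'
}.freeze

# Step 1: what digging for error pages gives you. Returns the engine hint
# or nil. On its own this only proves the error is not being trapped.
def sql_error_signature(body)
  SQL_ERROR_SIGNATURES.each { |re, engine| return engine if body.match?(re) }
  nil
end

# Step 2: the evidence the poster is asking for. `fetch` takes a parameter
# value and returns the response body. A lone quote should break the
# statement; a doubled quote is the SQL escape for a literal quote, so the
# same page should come back clean if the value really lands inside a string
# literal. Errors on both, or on neither, prove nothing by themselves.
def confirm_injection(base_value, fetch)
  broken = fetch.call("#{base_value}'")
  healed = fetch.call("#{base_value}''")
  return :no_error_leak unless sql_error_signature(broken)
  sql_error_signature(healed) ? :inconclusive : :likely_injectable
end

# Constructed stand-in for a page that concatenates the parameter into its
# query and echoes the driver error, as the sample run in the thread does.
FAKE_SITE = lambda do |value|
  sql = "SELECT * FROM items WHERE name = '#{value}'"
  if sql.count("'").odd?
    "Microsoft OLE DB Provider for SQL Server error\n" \
    "Unclosed quotation mark before the character string '#{value}'."
  else
    "<html><body>Results for #{value}</body></html>"
  end
end

# Constructed stand-in for a page that traps errors: same query underneath,
# but the user never sees the driver message, so signature scanning finds
# nothing even though the concatenation is still there.
TRAPPED_SITE = lambda do |value|
  page = FAKE_SITE.call(value)
  if page.start_with?('Microsoft')
    '<html><body>Sorry, something went wrong.</body></html>'
  else
    page
  end
end

if __FILE__ == $PROGRAM_NAME
  puts sql_error_signature(FAKE_SITE.call("shoes'"))   # Microsoft SQL Server via OLE DB
  puts confirm_injection('shoes', FAKE_SITE)           # likely_injectable
  puts confirm_injection('shoes', TRAPPED_SITE)        # no_error_leak
end
```

The two stand-ins make the poster's point from both sides: the error-echoing site is only shown to be injectable once the doubled quote heals the page, and the error-trapping site gets :no_error_leak although it concatenates exactly the same way, so a clean signature scan is not evidence of safety either.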

Re: [Full-disclosure] emergent security properties

2006-12-26 Thread Peter Swire
In terms of complexity/size helping security, there may be additional categories:

1. Anomaly detection might be part of a broader category of knowledge-based approaches that work better at large scale. For instance, expert systems to detect credit card fraud or identity theft detection tend to