Fizzle allows feeds to use HTML in feed data resulting in JavaScript being
run in the chrome: window with chrome permissions. The extension will
convert HTML entities back to their ASCII equivalents thus &lt; becomes <
and so forth. Various feed fields are vulnerable including the title which
allows
--
Powered by Outblaze
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
After seeing HDM's browser fuzzing I was wondering would it be practical to do
this on a large scale like using http://boinc.berkeley.edu/ to fuzz
applications and find more bugs. Just an idea O.O
Regards,
CM
c, I'm going to get back to doing my homework and
move on. Thanks for all the insight on the topic guys, take care.
> - Original Message -
> From: "Sol Invictus" <[EMAIL PROTECTED]>
> To: "CrYpTiC MauleR" <[EMAIL PROTECTED]>
> Subject: Re:
<[EMAIL PROTECTED]>
> To: "CrYpTiC MauleR" <[EMAIL PROTECTED]>
> Subject: Re: [Full-disclosure] Should I Be Worried?
> Date: Wed, 26 Apr 2006 15:04:04 -0400
>
>
> CrYpTiC MauleR wrote:
>
> > After reading http://www.securityfocus.com/news/11389 it made
After reading http://www.securityfocus.com/news/11389 it made me think twice
about actually going public with my school's security hole by having school
notify students, parents and/or faculty at risk due to it.
I mean I didn't access any records, just knew that it was possible for someone
to ac
ly? Have your broken into any of his linux boxen? Maybe he doesn't
> run linux but rather HPUX, IRIX, Solaris, OpenSolaris or even Windows.
>
> Just because your users are idiots doesn't mean CrYpTic is an idiot.
>
> You seem overly agitated today, are you getting read
What is wrong with schools these days?
> Date: Tue, 25 Apr 2006 12:26:55 -0500
>
>
> CrYpTiC MauleR wrote:
> > All you had to say was Microsoft =oP
> >
> That's hilarious. The number one defaced website OS is Linux.
> (See Zone-H.org if you don't bel
Yay!!! The school finally called back and I got to talk to the guy in charge of
maintaining the site. He and his colleagues have fixed the hole and will also
be auditing the site and checking to see if any breaches have occurred. I will
not disclose the school's name yet until that is taken car
I am asking questions not trying to get attention as you falsely seem to
perceive. It seems as if you are the one trying to flame and gather attention.
Unless you can answer any of my questions please don't direct any posts at me,
it's of no beneficial use to me or anyone else. Also no, I do not
very busy always in meetings, or could be
doing nothing but watching TV. I'm sure the Attorney General won't like that
though =o)
> - Original Message -
> From: "Sol Invictus" <[EMAIL PROTECTED]>
> To: "CrYpTiC MauleR" <[EMAIL PROTECTED]
All you had to say was Microsoft =oP
> - Original Message -
> From: "Dave Alanis" <[EMAIL PROTECTED]>
> To: "CrYpTiC MauleR" <[EMAIL PROTECTED]>, full-disclosure@lists.grok.org.uk
> Subject: re: [Full-disclosure] What is wrong with schools t
Already 2 school breaches on the news this week and my school will soon be
added to the ever growing list, is this a trend? I mean how hard is it to
protect some data. Allocate all the sensitive data on a select few servers and
harden the hell out of them. Do these schools have info scattered ar
-
> From: "Dave "No, not that one" Korn" <[EMAIL PROTECTED]>
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] Re: Who Do I Contact?
> Date: Sun, 23 Apr 2006 15:18:49 +0100
>
>
> CrYpTiC MauleR wrote:
>
> > students
My parents do not work there, I never said they do. Did it ever occur to you
that the school would have stored parent info from financial aid? Also I do not
plan on revealing any SSNs to anyone even to make a point. That will definitely
get me jail time even if it's in good faith.
> - Origin
How many times do I have to tell everyone I am NOT in the same state as the
school right now I am at my parents' house for the week. So looking up my IP
addy won't get you even close to where the school is located. Second, I have
called it a school, it could be a University, College, Community C
here it is.
> - Original Message -
> From: "Dave "No, not that one" Korn" <[EMAIL PROTECTED]>
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] Re: Who Do I Contact?
> Date: Sat, 22 Apr 2006 23:05:03 +0100
>
>
> CrYpTi
I agree with Bailey, there are just some instances where FD is not the way to
go. I mean if your neighbors knew you kept your spare house keys under the
flower pot and they went FD to the neighborhood, would you still believe FD was
the way to go? I highly doubt so, otherwise you would not have
I can not stress the fact I will not be going public with it since it risks MY
information and MY PARENTS' information. Reason I have not given details of the
hole other than its implications and will not post the school's name or even
state which it resides in until this is fixed and the site h
e@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Who Do I Contact?
> Date: Sat, 22 Apr 2006 15:59:25 -0400
>
>
> On 4/22/06, CrYpTiC MauleR <[EMAIL PROTECTED]> wrote:
> > I'm sorry I don't plan on going public with the details of the
> > hole except
Yes which is why I would never do it =o). I had contacted tech support talked
to them about it and they didn't know what I was talking about and well...seemed
like they just got that position for something other than having any expertise.
I finally managed to contact the VP of IT and he assured m
I apologize for not keeping the emails private. The email never
stated to keep them private and all my emails to this account are
from FD so didn't think twice about not emailing to the list since
that's where the original question was posted. I would still like
help from you if are still willin
You know what forget it then. I am asking for help but seems I am just being
shot down. bye.
> - Original Message -
> From: "Gadi Evron" <[EMAIL PROTECTED]>
> To: "CrYpTiC MauleR" <[EMAIL PROTECTED]>
> Subject: Re: [Full-disclosure] Who Do
le to view other
people's info is illegal.
> - Original Message -
> From: Exibar <[EMAIL PROTECTED]>
> To: "CrYpTiC MauleR" <[EMAIL PROTECTED]>, RLVaughn <[EMAIL PROTECTED]>
> Subject: RE: [inbox] Re: [EDU-ops] [Full-disclosure] Who Do
you think that way of
me, but I'm not stupid and won't post what I believe would be private and that's
the school name or anything of that sort.
> - Original Message -
> From: "Gadi Evron" <[EMAIL PROTECTED]>
> To: "CrYpTiC MauleR" <[
which by as I can guess has been
there since 2003. Time will tell.
> - Original Message -
> From: Laura <[EMAIL PROTECTED]>
> To: "CrYpTiC MauleR" <[EMAIL PROTECTED]>
> Subject: Re: [Full-disclosure] Who Do I Contact?
> Date: Sat, 22 Apr 2006 10:02:0
> Date: Sat, 22 Apr 2006 12:52:14 -0400
>
>
> On 4/22/06, CrYpTiC MauleR <[EMAIL PROTECTED]> wrote:
> > I am sorry I am not going to say who the school is. Mainly because so many
> > socials numbers are at risk including mine. I have contacted the
> > VP of Informa
> Subject: Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
> Date: Sat, 22 Apr 2006 11:41:59 -0500
>
>
> Gadi Evron wrote:
> > CrYpTiC MauleR wrote:
> >> I am sorry I am not going to say who the school is. Mainly
> >> because so many socials numbers are at r
Message -
> From: "Gadi Evron" <[EMAIL PROTECTED]>
> To: "CrYpTiC MauleR" <[EMAIL PROTECTED]>
> Subject: Re: [Full-disclosure] Who Do I Contact?
> Date: Sat, 22 Apr 2006 19:30:00 +0200
>
>
> CrYpTiC MauleR wrote:
> > I am sorry I am not
I am sorry I am not going to say who the school is. Mainly because so many
socials numbers are at risk including mine. I have contacted the VP of
Information Technology and he assured me he would call the company that makes
the website. After 20 days the hole was not fixed, so I called the depar
If there is a security hole in a site of an educational institute that exposes
social security numbers and they have not fixed it even when told about it. Who
can be contacted to get it done? Department of Education? If so anyone know a
phone number I can call? Btw this is in the USA.