Think out your damned rules. Please. Test them! Try to break them yourselves!
This isn't really disclosure but I think this list has an audience that this is
appropriate for.
Please think twice about adding wildcard (as in, all users, or effectively all
users that will be logging into a
Think out your rules. Please. Test them! Try to break them yourselves!
This isn't really disclosure but I think this list has an audience that this is
appropriate for.
Please think twice about adding wildcard (as in, all users, or effectively all
users that will be logging into a machine) sudo
Sorry about that double post. Got a bounce message saying something about
blocked for language and didn't check the archive before resending. My bad.
On Jul 18, 2011, at 9:45 PM, Doug Huff wrote:
--
Douglas Huff
Step 1: Have USD available for spending on mtgox.com.
Step 2: Put in a buy order large enough to drain your account. Low enough under
the current trading price that it will not execute immediately.
Step 3: Withdraw all USD funds.
Step 4: Wait for market to fall enough to meet your order.
Step 5:
bug.
--
Doug Huff
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
In light of recent events in the bitcoin community I have decided that
private disclosure of issues is doing nothing but making them more prevalent.
In light of this decision I would like to report multiple CSRF vulnerabilities
in http://clearcoin.appspot.com .
This set of CSRFs are
Message bounced due to lack of subscription the first time. Resending.
Site has already been pulled as this was simultaneously sent to the bitcoin
development list.
On Jun 19, 2011, at 4:54 PM, Doug Huff wrote:
In light of recent events in the bitcoin community I have decided that
private