Just google boze and you will see what I am saying
-JP who prefers to google booze and see what he iz saying
Have tried your advice and googled a bit:)
XSS at google.com
Example:
http://www.securitylab.ru/blog/tecklord/156.php
Valery
___
Do world's famous companies take care of their security?
There was discussion last week in the
Full-Disclosure about XSS vulnerabilities in reply to XSS vulns in PayPal and
Gadi Evron suggested creation of a separate mailing list for just XSS
vulnerabilities. I would agree with him if
On 7/31/06, Valery Marchuk [EMAIL PROTECTED] wrote:
Do world's famous companies take care of their security?
There was discussion last week in the Full-Disclosure about XSS
vulnerabilities in reply to XSS vulns in PayPal and Gadi Evron suggested
creation of a separate mailing list for just
On 7/31/06, Valery Marchuk [EMAIL PROTECTED] wrote:
I will publish such information in my blog and hope that companies will take
care of their security.
That comment bugs me, because when you are a large multinational
corporation, it is no longer THEIR security, it is OUR security,
because
Does anybody happen to realize that XSS vulnerabilities make it simpler
to leverage other vulnerabilities? I mean, credential stealing is only
the beginning. Try loading WMF/JPEG/DCOM/AJAX/etc exploit code using
an XSS vulnerability on PayPal/Yahoo/Amazon/etc, sending the link off
to millions of
My experience has been that many companies simply do not care about
security until they are forced to.
I used to work for a company called Isthmus Group, which claimed to
be a security consulting company. Their web hosting environment
featured an array of unpatched web servers with
On 7/31/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
My experience has been that many companies simply do not care about
security until they are forced to.
opinion
The problem with companies is that they are publicly traded. This means
that if total profits for your company are