Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-04-06 Thread MustLive
regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua Vulnerabilities in *McAfee.com From: YGN Ethical Hacker Group lists () yehg net Date: Mon, 28 Mar 2011 00:02:47 +0800 Vulnerabilities in *McAfee.com ___ Full-Disclosure

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-04-01 Thread Cal Leeming
+1. I've come across countless companies who had idiotic technical directors who didn't even want you speaking up in meetings about how bad their network was, let alone in public. A lot of it comes down to pride/image, if someone starts questioning their job worth, they get all pissy about it,

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-31 Thread Cal Leeming
, March 30, 2011 5:44 AM To: Pablo Ximenes Cc: full-disclosure Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com According to xssed.com, there are two remaining XSS issues: https://kb.mcafee.com/corporate/index?page=contentid=;; alert(1); // https://kc.mcafee.com/corporate/index?page

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-31 Thread Cal Leeming
An interesting notion. I have to say their mailing list comment didn't exactly shine with professionalism, but there again, nor do mine. So I dunno :p On Wed, Mar 30, 2011 at 9:10 PM, andrew.wallace andrew.wall...@rocketmail.com wrote: Guys, Is it because these are Burmese hackers as to why

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-31 Thread Cal Leeming
: [Full-disclosure] Vulnerabilities in *McAfee.com Well, I think there is a flip side to this, and that is the fact that no one is asking these people to inspect their sites for vulnerabilities. They are taking it upon themselves to scan the sites actively looking for vulnerabilities for the sole

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-31 Thread BlackHawk
Nothing new under the sun.. I have done some security testing on _open source_ webapps, and most of the time if you alert the publisher of your findings (most of the time remote code executions, not boring XSS) the answer is typically F*** off, we do not need your help / you are lying / you are

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-31 Thread Jacqui Caren-home
On 31/03/2011 13:13, BlackHawk wrote: to close with a semi-serious joke: put all this together and you will know why black market selling of exploit is increasing his size: at least someone will appreciate your work and eventually recompensate you for it.. Everyone makes mistakes. Being

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-31 Thread Valdis . Kletnieks
On Thu, 31 Mar 2011 15:18:08 BST, Jacqui Caren-home said: A lot of businesses do not consider constructive criticism as positive and will sometimes do everything in their power to PR you to death - it's often seen as cheaper than fixing the problem. In fact, it often *is* cheaper than actually

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-31 Thread Valdis . Kletnieks
On Wed, 30 Mar 2011 20:33:56 BST, Cal Leeming said: Like with most laws, the key point is intent. If your intention was clearly not malicious, then you are safe. Ask Randall Schwartz how that worked out for him. intent doesn't enter into it as much as a defendant may like.

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-31 Thread Thor (Hammer of God)
-Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of valdis.kletni...@vt.edu Sent: Thursday, March 31, 2011 3:30 PM To: Cal Leeming Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Vulnerabilities

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-31 Thread coderman
On Thu, Mar 31, 2011 at 3:30 PM, valdis.kletni...@vt.edu wrote: ... Ask Randall Schwartz how that worked out for him. intent doesn't enter into it as much as a defendant may like. intel has a long history of strong arming legal strong-arming against those who provoke the beast's wrath. it

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread YGN Ethical Hacker Group
According to xssed.com, there are two remaining XSS issues: https://kb.mcafee.com/corporate/index?page=contentid=;; alert(1); // https://kc.mcafee.com/corporate/index?page=contentid=;; alert(1); // You guys know our disclosed issues are very simple and can easily be found through viewing

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Benji
I'm sure they pjear the xss 4nd w3bbug f1nd1ng sk1llz of the renowned ethical hacking group YGN!!!111 (Plzdontxssme) On 3/30/11, YGN Ethical Hacker Group li...@yehg.net wrote: According to xssed.com, there are two remaining XSS issues: https://kb.mcafee.com/corporate/index?page=contentid=;;

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Benji
However, it was criticized as 'illegal break-in' by Cenzic's CMO, http://www.cenzic.com/company/management/khera/, according to Network World News editor - Ellen Messmer. Thus, the next target is Cenzic web site. Let's see how strong the Kung-Fu of Cenzic HailStorm scanner is. On Wed, Mar 30,

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Cal Leeming
? On Wed, Mar 30, 2011 at 1:49 PM, Benji m...@b3nji.com wrote: I'm sure they pjear the xss 4nd w3bbug f1nd1ng sk1llz of the renowned ethical hacking group YGN!!!111 (Plzdontxssme) On 3/30/11, YGN Ethical Hacker Group li...@yehg.net wrote: According to xssed.com, there are two remaining

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Thor (Hammer of God)
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of YGN Ethical Hacker Group Sent: Wednesday, March 30, 2011 5:44 AM To: Pablo Ximenes Cc: full-disclosure Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com According to xssed.com, there are two remaining XSS issues: https

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Christian Sciberras
Group Sent: Wednesday, March 30, 2011 5:44 AM To: Pablo Ximenes Cc: full-disclosure Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com According to xssed.com, there are two remaining XSS issues: https://kb.mcafee.com/corporate/index?page=contentid=;; alert(1); // https

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Jeffrey Walton
On Wed, Mar 30, 2011 at 8:44 AM, YGN Ethical Hacker Group li...@yehg.net wrote: According to xssed.com, there are two remaining XSS issues: https://kb.mcafee.com/corporate/index?page=contentid=;; alert(1); // https://kc.mcafee.com/corporate/index?page=contentid=;; alert(1); // You guys

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Ryan Sears
/Canada Eastern Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com On Wed, Mar 30, 2011 at 8:44 AM, YGN Ethical Hacker Group li...@yehg.net wrote: According to xssed.com, there are two remaining XSS issues: https://kb.mcafee.com/corporate/index?page=contentid=;; alert(1); // https

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Thor (Hammer of God)
: full-disclosure Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com Seriously. I gotta say I feel like people at Cenzic (and Mcafee for that matter), if anyone should understand that a XSS should really only be construed a 'criminal act' if it's indeed used to attack someone

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Ryan Sears
@lists.grok.org.uk Sent: Wednesday, March 30, 2011 2:12:37 PM GMT -05:00 US/Canada Eastern Subject: RE: [Full-disclosure] Vulnerabilities in *McAfee.com Well, I think there is a flip side to this, and that is the fact that no one is asking these people to inspect their sites for vulnerabilities

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Thor (Hammer of God)
; rdse...@mtu.edu Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com Guys, Is it because these are Burmese hackers as to why everyone is getting in a pickle, e.g eastern hackers attacking western companies? I feel an Obama moment coming on, where he

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Thor (Hammer of God)
is interesting list fodder though... -Original Message- From: Ryan Sears [mailto:rdse...@mtu.edu] Sent: Wednesday, March 30, 2011 12:30 PM To: Thor (Hammer of God) Cc: full-disclosure; noloa...@gmail.com Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com How about the scenario in which

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Jeffrey Walton
On Wed, Mar 30, 2011 at 4:36 PM, Thor (Hammer of God) t...@hammerofgod.com wrote: I have that very strip printed and on the wall in my office :) You make several points, but the response that immediately comes to mind is that I actually see a difference between actively scanning content

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Ryan Sears
: Jeffrey Walton noloa...@gmail.com To: Thor (Hammer of God) t...@hammerofgod.com Cc: Ryan Sears rdse...@mtu.edu, full-disclosure full-disclosure@lists.grok.org.uk Sent: Wednesday, March 30, 2011 5:28:59 PM GMT -05:00 US/Canada Eastern Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread YGN Ethical Hacker Group
Thanks for all your inputs and discussions. We believe keeping these information as secret is unethical and irresponsible. For those who think/criticize we're unethical /illegal, there is so-called Passive Scanning

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-29 Thread Pablo Ximenes
FYI http://it.slashdot.org/story/11/03/28/209230/McAfees-Website-Full-of-Security-Holes Pablo Ximenes http://ximen.es/ http://twitter.com/pabloximenes 2011/3/28 Pablo Ximenes pa...@ximen.es: blog post about this: http://ximen.es/?p=469 Please, don't throw stones at me. []'s Pablo

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-28 Thread Pablo Ximenes
blog post about this: http://ximen.es/?p=469 Please, don't throw stones at me. []'s Pablo Ximenes http://ximen.es/ http://twitter.com/pabloximenes 2011/3/27 YGN Ethical Hacker Group li...@yehg.net Vulnerabilities in *McAfee.com 1. VULNERABILITY DESCRIPTION - Cross Site Scripting

[Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-27 Thread YGN Ethical Hacker Group
Vulnerabilities in *McAfee.com 1. VULNERABILITY DESCRIPTION - Cross Site Scripting http://download.mcafee.com/products/webhelp/4/1033/#javascript:top.location.replace('attacker.in') - Information Disclosure Internal Hostname:

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-27 Thread nix
Vulnerabilities in *McAfee.com Am I right? Do they offer Verified by McAfee security services but are too lazy to fix their own shit? If so, LOL :D 1. VULNERABILITY DESCRIPTION - Cross Site Scripting

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-27 Thread nix
On Sun, Mar 27, 2011 at 7:45 PM, n...@myproxylists.com wrote: Vulnerabilities in *McAfee.com Am I right? Do they offer Verified by McAfee security services but are too lazy to fix their own shit? If so, LOL :D Maybe you should grow up you little twerp. Andrew Are you trying to make

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-27 Thread Cal Leeming
GROUP HUG! On Sun, Mar 27, 2011 at 9:02 PM, n...@myproxylists.com wrote: On Sun, Mar 27, 2011 at 7:45 PM, n...@myproxylists.com wrote: Vulnerabilities in *McAfee.com Am I right? Do they offer Verified by McAfee security services but are too lazy to fix their own shit? If so, LOL :D