IT would help if DansGuardian did stop you downloading the updated
version! ; )
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Michal Zalewski
Sent: 31 January 2007 23:19
To: [EMAIL PROTECTED]
Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.o
On Sat, 27 Jan 2007, Michal Zalewski wrote:
> I'd like to announce the availability of 'stompy', a free tool to perform
> a fairly detailed black-box assessment of WWW session identifier
> generation algorithms.
I'm genuinely surprised by the amount of (mostly positive ;-) feedback I
got! Just an
Michal Zalewski wrote:
> Hi all,
>
> I'd like to announce the availability of 'stompy', a free tool to perform
> a fairly detailed black-box assessment of WWW session identifier
> generation algorithms. Session IDs are commonly used to track
> authenticated users, and as such, whenever they're pred
On Sun, 28 Jan 2007, Rogan Dawes wrote:
> Just wanted to point out that Dave has had nothing to do with WebScarab
> (and that I recognise that WebScarab's analysis is pretty trivial).
Geee, sorry, I suck for misspelling your name (but feel retroactively
avenged: this happens to me quite often ;-)
Very cool.
On 1/27/07 7:29 AM, "Michal Zalewski" <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I'd like to announce the availability of 'stompy', a free tool to perform
> a fairly detailed black-box assessment of WWW session identifier
> generation algorithms. Session IDs are commonly used to track
Hi all,
I'd like to announce the availability of 'stompy', a free tool to perform
a fairly detailed black-box assessment of WWW session identifier
generation algorithms. Session IDs are commonly used to track
authenticated users, and as such, whenever they're predictable or simply
vulnerable to br
