Bugtraq mailing list archives

Re: A.L.E.R.T.: BigMailBox.com href tokens leave mailboxes open to control by a malicious site.
From: comega () ATTRITION ORG (Cancer Omega)
Date: Wed, 23 Feb 2000 11:03:23 -0700


On Wed, 23 Feb 2000, Jim Paris wrote:

> > BigMailBox.com was notified of the problem on Fri, 11 Feb 2000. After
> > additional testing and verification, staff of BigMailBox.com patched
> > the vulnerability on Mon, 14 Feb 2000.
> ...
> > Contact BigMailBox and complain about shoddy and insecure e-mail access.
>
> They patched the hole in 3 days (over a weekend, no less!).  I don't
> think that demands mass complaints about "shoddy and insecure"
> e-mail.  They seem to have been very responsible about the bug.

The fix did not occur three days following notification.  After posting
our notice, we were notified by another Bugtraq subscriber that said
vulnerability had been previously posted to Bugtraq over a *month* ago.
(Yeah, we missed that, but so did BigMailBox.)

.c

