Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Not even the NSA can get it right
From: Aaron Horst <anthrax101 () gmail com>
Date: Thu, 26 May 2005 10:44:51 -0400

On 5/25/05, Castigliola, Angelo <ACastigliola () unumprovident com> wrote:
What would XSS on NSA.GOV get a hacker anyways? Steal my NSA.GOV cookie

"CFID
756140
nsa.gov/
1024
2871474816
31895379
3010520960
29692615
*
CFTOKEN
41950083
nsa.gov/
1024
2871474816
31895379
3010820960
29692615
*"

Don't think a hacker could do much with this. At best someone could try
to use the exploit to phish passwords from NSA.GOV employees.

-Angelo Castigliola III
Security Architect


I don't know about you, but I personally think you could do quite a
bit of identity theft by seeing a few NSA applicants' resumes. Who
else would be more willing to give a "recruiter" sensitive personal
information?

https://www.nsa.gov/applyonline/index.html

AnthraX101
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]