Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: further to the XSS flaw in eEye by Valery Marchuk
From: "Valery Marchuk" <tecklord () argocom cv ua>
Date: Mon, 21 Aug 2006 23:00:13 +0300

There was XSS vulnerability previous time and lots of people saw that. eEye reacted really fast and fixed it during one working day and now Ross Brown denies the existence of that flaw. Interesting, how does eEye feel to be in Microsoft`s shoes?

I don`t think I`m the right person to explain you what really XSS means. If you think it`s not dangerous and your customers are safe - so be it. They are your customers - not mine. And you probably don`t have to fix this flaw :)

Responsible disclosure is definitely good stuff. If you wouldn`t deny the existence of previous vulnerability, this stuff would never go into the public :).



Have a nice day and keep your web site secure

Valery



----- Original Message ----- From: Alan Shimel
To: full-disclosure () lists grok org uk
Sent: Monday, August 21, 2006 8:40 PM
Subject: [Full-disclosure] further to the XSS flaw in eEye by Valerie Marchuk


I posted further today to the XSS flaw found in the eEye web site with quotes from the eEye CEO.

You can read it here: http://www.stillsecureafteralltheseyears.com/ashimmy/2006/08/but_if_doesnt_b.html


Would welcome comments on whether you think it is harmless or not?

Alan

StillSecure
Alan Shimel
Chief Strategy Officer

O 303.381.3815
C 516.857.7409
F 303.381.3881


www.stillsecure.com
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer.







_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Re: further to the XSS flaw in eEye by Valery Marchuk Valery Marchuk (Aug 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault