Full Disclosure: Re: Google Sacure (A. Jodoin)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Google Sacure (A. Jodoin)

From: alexandre jodoin <jodoin_alexandre () hotmail com>
Date: Fri, 26 Oct 2007 10:01:15 -0400

How can security companies protect us if they can't even configure their shit right?

 
More on that :

From their "Pen Test Whitepaper" on http://www.sacure.com/index.php

"The Web-based authentication is exploited by using XSS (cross-site shipping) or SLQ injection or MITM 
(Man-in-the-Middle) attacks."
 
WTF is cross-site shipping ???
:)
_________________________________________________________________
Are you ready for Windows Live Messenger Beta 8.5 ? Get the latest for free today!
http://entertainment.sympatico.msn.ca/WindowsLiveMessenger

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Google Sacure (A. Jodoin) alexandre jodoin (Oct 26)
- Re: Google Sacure (A. Jodoin) Michael Holstein (Oct 26)
- <Possible follow-ups>
- Re: Google Sacure (A. Jodoin) Juha-Matti Laurio (Oct 26)
- Re: Google Sacure (A. Jodoin) alexandre jodoin (Oct 26)