|
Full Disclosure
mailing list archives
Re: adobe.com important subdomain SQL injection again!
From: Jeffrey Walton <noloader () gmail com>
Date: Sat, 18 Dec 2010 12:53:13 -0500
On Sat, Dec 18, 2010 at 11:58 AM, Maciej Gojny <vuln () ariko-security com> wrote:
hello full disclosure!
After six months from the first contact with Adobe security team, Â important
adobe.com subdomain is still vulnerable to SQL injection attacks. We hope
that this time, serious people will try to solve the problem.
There's a reason Adobe is the most attacked software [1,2], and its
probably because they write the most vulnerable software (or
adversaries are looking for a challenge, which seems less intuitive
and highly unlikely to me).
It appears "insecurity" is an enterprise wide practice, and not just
limited to their software.
Jeff
[1] "Adobe surpasses Microsoft as favorite hacker’s target" (Jul 2009)
http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/
[2] "Adobe predicted as top 2010 hacker target" (Dec 2009)
http://www.theregister.co.uk/2009/12/29/security_predictions_2010/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
(Thread continues...)
|
