Full Disclosure
mailing list archives
Re: Predefined Post Authentication Session ID Vulnerability
From: Григорий Братислава <musntlive () gmail com>
Date: Fri, 13 Jul 2012 16:37:38 -0400
On Fri, Jul 13, 2012 at 7:23 AM, Gokhan Muharremoglu
<gokhan.muharremoglu () iosec org> wrote:
> Ok. It seems I have to explain this vulnerability's effects with another
> scenario.
> This is a real life scenario and I wrote it in a Turkish article for
> National Information Security Portal which is run by TUBITAK.
> Article in Turkish with scenario =>
> http://www.iosec.org/oturum_oncesi_tanimli_cerez.pdf
> I will explain it in English now.
> There are KIOSK/Terminal machines at bank branches in Turkey. Customers can
> reach the regular Internet banking application from here.
This is real life common sense is answer. "So you walk into a bank"
are you is serious?
Is most stupid example than Security Chicken Tim. I am is walk into
bank to do this stupidity while I am on is camera?
Where are you is new 10 year and is under experience security freaks
come is from?
Hello Full Disclosure!! !! !!
Is like to warn you about is robbing banks without is mask and waving to camera
pizda