Subject: Re: A.L.E.R.T.: BigMailBox.com href tokens leave mailboxes open to control by a malicious site.
From: Cancer Omega (comega ATTRITION.ORG)
Date: Wed Feb 23 2000 - 12:03:23 CST
- Next message: Doctor Muerte: "Re: Toshiba NoteBooks BIOS Password Backdoor - Password Cracker - Follow The Instructions."
- Previous message: Microsoft Product Security: "Microsoft Security Bulletin (MS00-013)"
- Maybe reply: Cancer Omega: "Re: A.L.E.R.T.: BigMailBox.com href tokens leave mailboxes open to control by a malicious site."
On Wed, 23 Feb 2000, Jim Paris wrote:
> > BigMailBox.com was notified of the problem on Fri, 11 Feb 2000. After
> > additional testing and verification, staff of BigMailBox.com patched
> > the vulnerability on Mon, 14 Feb 2000.
> ...
> > Contact BigMailBox and complain about shoddy and insecure e-mail access.
>
> They patched the hole in 3 days (over a weekend, no less!). I don't
> think that demands mass complaints about "shoddy and insecure"
> e-mail. They seem to have been very responsible about the bug.
The fix did not occur three days following notification. After posting
our notice, we were notified by another Bugtraq subscriber that said
vulnerability had been previously posted to Bugtraq over a *month* ago.
(Yeah, we missed that, but so did BigMailBox.)
.c