|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] RCSR fun: stealing FF passwords the easy way
From: Stefan Esser (sesser
hardened-php.net)
Date: Sat Nov 25 2006 - 06:49:48 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sorry to disappoint you but this RCSR is nothing else than the usual Web
Application Security Hype that happens when one of the big Web2.0
websites that does something really stupid is hit by old stuff.
The "new vulnerability" discovered in Firefox was already described in
2005 in Web Application Security talks and is already covered in atleast
one german PHP Security Book from 2005.
Stefan Esser
pagvac schrieb:
> FYI, it appears this issue was reported way back in August 2006 by RSnake:
>
> http://ha.ckers.org/blog/20061122/programmatic-password-theft-is-back/
>
> On 11/24/06, pagvac <unknown.pentestergmail.com> wrote:
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]