Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-disclosure] RCSR fun: stealing FF passwords the easy way
From: Stefan Esser (sesserhardened-php.net)
Date: Sat Nov 25 2006 - 06:49:48 CST
Sorry to disappoint you but this RCSR is nothing else than the usual Web
Application Security Hype that happens when one of the big Web2.0
websites that does something really stupid is hit by old stuff.
The "new vulnerability" discovered in Firefox was already described in
2005 in Web Application Security talks and is already covered in atleast
one german PHP Security Book from 2005.
> FYI, it appears this issue was reported way back in August 2006 by RSnake:
> On 11/24/06, pagvac <unknown.pentestergmail.com> wrote:
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/