Re: [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability

From: Michael Strutton (struttoncorp.earthlink.net)
Date: Fri Jan 26 2007 - 15:48:38 CST


> -------- Original Message --------
> Subject: [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe
> Methods Vulnerability
> Date: Fri, 26 Jan 2007 02:23:51 +0800
> From: Ethan Hunt <m34rhackermail.com>
> To: full-disclosurelists.grok.org.uk
>
> Title:
> -------------------
> Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability
>

A number of teams at EarthLink have reviewed both this claim and our
code. We have concluded that this exploit does not exist. While we
cannot go into the details of our proprietary code, we can confirm
validation methods are in place that would prevent an outsider from
gaining access to the spamBlocker whitelist via these APIs.

Thanks,
Michael Strutton
Director Product Management, Client Software
EarthLink

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/