|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Dan Kaminsky (dan
doxpara.com)
Date: Thu Feb 24 2011 - 20:49:51 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It's change. And change is scary.
(Seriously, nothing wrong with hashbang, except perhaps a slightly
increased risk of CSRF from people forgetting, yes, the web's broken
session management is still broken even with client side JS page
assembly.)
On Wed, Feb 23, 2011 at 2:51 PM, Security Conscious
<securityconsciousguygmail.com> wrote:
> Could someone please have a look at these twitter posts:
> http://twitter.com/#!/achitnis/status/40444144992260096
> http://twitter.com/#!/achitnis/status/40447225658228736
> http://twitter.com/#!/achitnis/status/40450742326140928
> and explain why the presence of #! in URLs would freak out ANY security
> conscious guy?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]