Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Do world's famous companies take care of their securit

from [Valery Marchuk] Network Security [Permanent Link]
Subject: [Full-disclosure] Do world's famous companies take care of their security?
Date: Mon, 31 Jul 2006 11:17:20 +0300 
Do world's famous companies take care of their security?



There was discussion last week in the Full-Disclosure about XSS vulnerabilities 
in reply to XSS vulns in PayPal and Gadi Evron suggested creation of a separate 
mailing list for just XSS vulnerabilities. I would agree with him if PayPal and 
many other world's famous companies tried at least to patch such bugs:

The incident with Netscape must be example for everyone. Actually I don't 
understand the behavior of such companies. XSS bugs are easy to discover and 
easy to fix, so what's the problem? And instead of monitoring bugs these 
companies just put into risk their customers. That's how they do their business 
and that's how they take care of us - their customers. 

There are XSS flaws at Digg's and Netscape's web sites. Are they planning to 
fix them?

 

There are still XSS flaws at PayPal`s web site (two years and one week after 
XSS bugs were reveled). Are they planning to fix them? 



Example of XSS vulns are in my blog at 

http://www.securitylab.ru/blog/tecklord/?category=19



I will publish such information in my blog and hope that companies will take 
care of their security.

 


Valery Marchuk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] UPDATE: [ GLSA 200605-08 ] PHP: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
Next by Date:  [Full-disclosure] Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5, Luigi Auriemma
Previous by Thread:  [Full-disclosure] UPDATE: [ GLSA 200605-08 ] PHP: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
Next by Thread:  Re: [Full-disclosure] Do world's famous companies take care of their security?, uncleron
Indexes:  [Date] [Thread] [Top] [All Lists]