Network Security: Detailed info on Re: [Full-disclosure] Not even the NSA can get it right

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-disclosure] Not even the NSA can get it right

from [Aaron Horst] Network Security

[Permanent Link]

Subject:	Re: [Full-disclosure] Not even the NSA can get it right
Date:	Thu, 26 May 2005 10:44:51 -0400

On 5/25/05, Castigliola, Angelo <ACastigliola@unumprovident.com> wrote:

What would XSS on NSA.GOV get a hacker anyways? Steal my NSA.GOV cookie

"CFID
756140
nsa.gov/
1024
2871474816
31895379
3010520960
29692615
*
CFTOKEN
41950083
nsa.gov/
1024
2871474816
31895379
3010820960
29692615
*"

Don't think a hacker could do much with this. At best someone could try
to use the exploit to phish passwords from NSA.GOV employees.

-Angelo Castigliola III
Security Architect


I don't know about you, but I personally think you could do quite a
bit of identity theft by seeing a few NSA applicants' resumes. Who
else would be more willing to give a "recruiter" sensitive personal
information?

https://www.nsa.gov/applyonline/index.html

AnthraX101
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Full-disclosure] Not even the NSA can get it right, (continued) Re: [Full-disclosure] Not even the NSA can get it right, James Tucker Re: [Full-disclosure] Not even the NSA can get it right, Eric Paynter Re: [Full-disclosure] Not even the NSA can get it right, Mister Coffee Re: [Full-disclosure] Not even the NSA can get it right, Virus Friendly Re: [Full-disclosure] Not even the NSA can get it right, Paul Kurczaba Re: [Full-disclosure] Not even the NSA can get it right, imipak RE: [Full-disclosure] Not even the NSA can get it right, Lachniet, Mark RE: [Full-disclosure] Not even the NSA can get it right, Castigliola, Angelo RE: [Full-disclosure] Not even the NSA can get it right, James Longstreet Re: [Full-disclosure] Not even the NSA can get it right, Valdis . Kletnieks Re: [Full-disclosure] Not even the NSA can get it right, Aaron Horst <=

Previous by Date:	Re: [Full-disclosure] Re: Hack Your Credit Card Company (OT), phased
Next by Date:	[Full-disclosure] [USN-134-1] Firefox vulnerabilities, Martin Pitt
Previous by Thread:	Re: [Full-disclosure] Not even the NSA can get it right, Valdis . Kletnieks
Next by Thread:	[Full-disclosure] http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html, g0tcha
Indexes:	[Date] [Thread] [Top] [All Lists]