On 7/31/06, Valery Marchuk <tecklord@argocom.cv.ua> wrote:
Do world's famous companies take care of their security?
There was discussion last week in the Full-Disclosure about XSS
vulnerabilities in reply to XSS vulns in PayPal and Gadi Evron suggested
creation of a separate mailing list for just XSS vulnerabilities. I would
agree with him if PayPal and many other world's famous companies tried at
least to patch such bugs…
The incident with Netscape must be example for everyone. Actually I don't
understand the behavior of such companies. XSS bugs are easy to discover and
easy to fix, so what's the problem? And instead of monitoring bugs these
companies just put into risk their customers. That's how they do their
business and that's how they take care of us – their customers.
There are XSS flaws at Digg's and Netscape's web sites. Are they planning to
fix them?
There are still XSS flaws at PayPal`s web site (two years and one week after
XSS bugs were reveled). Are they planning to fix them?
Example of XSS vulns are in my blog at
http://www.securitylab.ru/blog/tecklord/?category=19
I will publish such information in my blog and hope that companies will take
care of their security.
Valery Marchuk
_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Hi,
This subject has already been discussed, so you're best reading the
original thread than encouraging people to repeat what they've already
said:
[snip]
laws are needed to make it more illegal for
corporations to shurg off cross site scripting being left unpatched.
[/snip]
Read my full reply:
http://groups.google.com/group/n3td3v/browse_thread/thread/19c0473bf4222572/ca276ba9113d791e
n3td3v
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
