Network Security: Detailed info on Re: [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulne

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulne

from [Michael Strutton] Network Security

[Permanent Link]

Subject:	Re: [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability
Date:	Fri, 26 Jan 2007 16:48:38 -0500

-------- Original Message --------
Subject: [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe  
Methods Vulnerability
Date: Fri, 26 Jan 2007 02:23:51 +0800
From: Ethan Hunt <m34r@hackermail.com>
To: full-disclosure@lists.grok.org.uk

Title:
-------------------
Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability


A number of teams at EarthLink have reviewed both this claim and our  
code. We have concluded that this exploit does not exist. While we  
can not go into the details of our proprietary code, we can confirm  
validation methods are in place that would prevent an outsider from  
gaining access to the spamBlocker whitelist via these APIs.

Thanks,
Michael Strutton
Director Product Management, Client Software
EarthLink

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability, Ethan Hunt Re: [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability, Michael Strutton <=

Previous by Date:	[Full-disclosure] iDefense Security Advisory 01.26.07: Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability, iDefense Labs
Next by Date:	[Full-disclosure] [ MDKSA-2007:028 ] - Updated ulogd packaged to address buffer overflow vulnerability, security
Previous by Thread:	[Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability, Ethan Hunt
Next by Thread:	[Full-disclosure] [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery], Netragard Security Advisories
Indexes:	[Date] [Thread] [Top] [All Lists]