Network Security: Detailed info on Re: Re: Re: Suggestion: email anti-spoof measure on web site

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: Re: Re: Suggestion: email anti-spoof measure on web site

from [mike] Network Security

[Permanent Link]

Subject:	Re: Re: Re: Suggestion: email anti-spoof measure on web site
Date:	20 Jan 2006 19:31:49 -0000


True, there is a Send Page, but not if you have hotmail, yahoo, or google mail. 
Also, in a brief survey I made, 100% of the medium technical people I asked 
(all work for high tech companies) did not know about and obviously have never 
used this feature. They liked and have used send friend feature in other web 
sites.

I agree that send freidn service can be exploited as you have pointed out. I 
disagree that it must be shut down. Good checks should be recommended.


Mike

-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Suggestion: email anti-spoof measure on web site, ma . huijuan Re: Suggestion: email anti-spoof measure on web site, mike Re: Suggestion: email anti-spoof measure on web site, Georgi Alexandrov Re: Re: Suggestion: email anti-spoof measure on web site, ma . huijuan Re: Re: Re: Suggestion: email anti-spoof measure on web site, mike <=

Previous by Date:	Re: Web Application Security Contest - New Procedure, Dean H. Saxe
Next by Date:	benchmarking the web app scanners, thomas.jones
Previous by Thread:	Re: Re: Suggestion: email anti-spoof measure on web site, ma . huijuan
Next by Thread:	MSIE session cookies, John Bond
Indexes:	[Date] [Thread] [Top] [All Lists]