This discussion has been archived.
No new comments can be posted.
- Re: New Web Vulnerability - Cross-Site Tracing: "Wow, what a misinformed article. The whitepaper available on
WhiteHat's site is better (http://www.whitehatsec.com/news.html)
but it still requires very careful reading to appreciate what parts
of it are talking about things that are due to other known holes
and which are actually news. [...] The bottom line: Why do you even need to steal the user's
authentication token if you have full access to get their browser
to submit requests and the ability to grab the contents of the
results? And having access to those two things is exactly what
this whitepaper is assuming."
- RE: TRACE used to increase the dangerous of XSS.: I just finished reading this so-called whitepaper and the press release, and
all I can say is hyped, sensationalised snakeoil. [...] WhiteHat Security paired a minor low-impact notice of their own with
existing proof-of-concept code from several critical high-impact
vulnerabilities discovered, and long disclosed, by third-party researchers,
dubbed it their own and wrote up a fancy press release filled with
inaccuracies announcing an indifferent 'whitepaper' scattered with obscure
irrelevancies. In short, snakeoil.
--
One of the Gnutella clones is called Gnutoka, and I wonder when Gnusspli will come out...