[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] citibank XSS?

From: Jeremiah Grossman <jeremiah@xxxxxxxxxxxxxxx>
Subject: Re: [WEB SECURITY] citibank XSS?
Date: Tue, 25 Jul 2006 10:00:48 -0700


On Jul 25, 2006, at 9:07 AM, Thierry Zoller wrote:

Dear Brian Eaton,
BE> I thought the citibank attack was MITM, no XSS involved. Am I wrong BE> on that? Was XSS used as well?

Nice catch Brian.

AFAIK, XSS had no immediate impact on the MITM scenaria, if XSS played
a role _at all_. Sounds like a lot of BS.


Easy on the BS stuff, mistakes happen.

Since I was main subject of the interview, I believe I misspoke during the call. Indeed XSS (to my knowledge) played no part in the Citibank story. I meant to say PayPal. I already contacted the writer with the correction and reference.


Regards,

Jeremiah-

---------------------------------------------------------------------------- The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] citibank XSS?
  - From: Brian Eaton

References:
- [WEB SECURITY] citibank XSS?
  - From: Brian Eaton
- Re: [WEB SECURITY] citibank XSS?
  - From: Thierry Zoller

Prev by Date: Re: [WEB SECURITY] citibank XSS?
Next by Date: Re: [WEB SECURITY] citibank XSS?
Previous by thread: Re: [WEB SECURITY] citibank XSS?
Next by thread: Re: [WEB SECURITY] citibank XSS?
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site