The Web Security Mailing List (2006 August)

• Date Index

• [WEB SECURITY] Doorman@JUMPERZ.NET Released, Kanatoko
• [WEB SECURITY] AT&T Online store hacked (19,000 exposed CC #'s), Jeremiah Grossman
• [WEB SECURITY] MySpace "private" profiles unmasked, Jeremiah Grossman
• [WEB SECURITY] Time Parameter For Expiration of the Session, Bergel B, Gabriel
  • Re: [WEB SECURITY] Time Parameter For Expiration of the Session, Brian Eaton
• RE: [WEB SECURITY] Resources for testing hosted/ASP sites, Evans, Arian
• [WEB SECURITY] Hacme Casino v1.0, alex.smolen
• [WEB SECURITY] Re: Problem about detecting "SMTP command injection", i.e. cr lf chars in web forms, Jorge Augusto Senger
• [WEB SECURITY] Problem about detecting "SMTP command injection", i.e. cr lf chars in web forms, Maxime Ducharme
• [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Evans, Arian
  • Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Enis Karaarslan
    • Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Martin Johns
    • RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Jeff Robertson
      • Message not available
      • RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Enis Karaarslan
      • RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Joseph Peloquin
      • RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Joseph Peloquin
      • Message not available
      • RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Enis Karaarslan
      • [WEB SECURITY] Resources for testing hosted/ASP sites, Joshua Jabs
• [WEB SECURITY] WiKID 2.1.1 released, Nick Owen
• [WEB SECURITY] Google Redirect URL actively used for Phishing, Jeremiah Grossman
  • Re: [WEB SECURITY] Google Redirect URL actively used for Phishing, Ryan Barnett
    • Re: [WEB SECURITY] Google Redirect URL actively used for Phishing, Collin Jackson
      • Re: [WEB SECURITY] Google Redirect URL actively used for Phishing, Jeremiah Grossman
      • Re: [WEB SECURITY] Google Redirect URL actively used for Phishing, Brian Eaton
      • Re: [WEB SECURITY] Google Redirect URL actively used for Phishing, Evert | Rooftop
      • Re: [WEB SECURITY] Google Redirect URL actively used for Phishing, RSnake
      • Re: [WEB SECURITY] Google Redirect URL actively used for Phishing, Brian Eaton
      • Re: [WEB SECURITY] Google Redirect URL actively used for Phishing, Evert | Rooftop
      • Re: [WEB SECURITY] Google Redirect URL actively used for Phishing, RSnake
• [WEB SECURITY] Mitnick's website hacked (again), Jeremiah Grossman
• [WEB SECURITY] DDOS extortion, Brian Eaton
• [WEB SECURITY] Corsaire White Paper: Assessing Java Clients with the BeanShell, Stephen de Vries
• [WEB SECURITY] RE: World Summit on Intrusion Prevention, Anthony J Biacco
• [WEB SECURITY] World Summit on Intrusion Prevention, wsip
  • Re: [WEB SECURITY] World Summit on Intrusion Prevention, H. Morrow Long
• [WEB SECURITY] Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)", Amit Klein (AKsecurity)
• [WEB SECURITY] Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Dave Wichers
  • [WEB SECURITY] Re: [SC-L] Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Pascal Meunier
  • [WEB SECURITY] Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA, Richard Lindberg
• [WEB SECURITY] [Fwd: InterScout Web Forensics Tool Released as Freeware], Nick Owen
• [WEB SECURITY] "hack-me" Ajax apps?, Jeff Robertson
  • [WEB SECURITY] Re: "hack-me" Ajax apps?, Andrew van der Stock
  • <Possible follow-ups>
  • Re: [WEB SECURITY] "hack-me" Ajax apps?, kurt
  • RE: [WEB SECURITY] "hack-me" Ajax apps?, Jeff Robertson
• [WEB SECURITY] Technical note: under some conditions, it's possible to steal HTTP credentials using Flash, Amit Klein (AKsecurity)
• [WEB SECURITY] (somewhat) breaking the same-origin policy by undermining dns-pinning, Martin Johns
• [WEB SECURITY] Re: [Full-disclosure] Re: [WEB SECURITY] Top sites for Application security news, sick b0y
• [WEB SECURITY] Bypassing script filters with variable-width encodings, Chris Weber
• [WEB SECURITY] Web app ? : Lieberman's site, Matt Fisher
• RE: [WEB SECURITY] Secure coding guidelines, Ory Segal
  • Re: [WEB SECURITY] Secure coding guidelines, Anurag Agarwal
  • <Possible follow-ups>
  • RE: [WEB SECURITY] Secure coding guidelines, Lorna Alamri
  • RE: [WEB SECURITY] Secure coding guidelines, Matt Fisher
    • RE: [WEB SECURITY] Secure coding guidelines, Chris Weber
• [WEB SECURITY] Top sites for Application security news, KT
  • [WEB SECURITY] Re: [Full-disclosure] Top sites for Application security news, mikeiscool
  • [WEB SECURITY] Re: [Full-disclosure] Top sites for Application security news, Ivan .
    • Re: [WEB SECURITY] Re: [Full-disclosure] Top sites for Application security news, bugtraq
  • [WEB SECURITY] Re: [Full-disclosure] Top sites for Application security news, Alice Bryson <abryson@xxxxxxxxxxxxx>
  • Re: [WEB SECURITY] Top sites for Application security news, Anurag Agarwal
  • [WEB SECURITY] Secure coding guidelines, Anurag Agarwal
  • Re: [WEB SECURITY] Top sites for Application security news, root
    • [WEB SECURITY] Re: [Full-disclosure] Re: [WEB SECURITY] Top sites for Application security news, Dude VanWinkle
  • <Possible follow-ups>
  • RE: [WEB SECURITY] Top sites for Application security news, Ory Segal
• [WEB SECURITY] Sending multipart/form-data requests from Flash (with arbitrary headers), Amit Klein (AKsecurity)
• [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, bugtraq
  • RE: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, Caleb Sima
  • [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, James Pujals
    • Re: [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, Brian Eaton
  • [WEB SECURITY] Re: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, Iván Alemán
• [WEB SECURITY] Article about HttpOnly, Evert | Collab
  • Re: [WEB SECURITY] Article about HttpOnly, RSnake
    • Re: [WEB SECURITY] Article about HttpOnly, Brian Eaton
      • Re: [WEB SECURITY] Article about HttpOnly, RSnake
      • RE: [WEB SECURITY] Article about HttpOnly, Chris Weber
      • Re: [WEB SECURITY] Article about HttpOnly, Evert | Collab
      • Re: [WEB SECURITY] Article about HttpOnly, Brian Eaton
      • Re: [WEB SECURITY] Article about HttpOnly, Amit Klein (AKsecurity)
      • RE: [WEB SECURITY] Article about HttpOnly, Chris Weber
      • Re: [WEB SECURITY] Article about HttpOnly, Kanatoko
      • Re: [WEB SECURITY] Article about HttpOnly, Brian Eaton
• [WEB SECURITY] Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper], SPI Labs
• [WEB SECURITY] Autocomplete attribute, Benjamin Hawkes-Lewis
  • Re: [WEB SECURITY] Autocomplete attribute, Andrew van der Stock
  • <Possible follow-ups>
  • Re: [WEB SECURITY] Autocomplete attribute, Benjamin Hawkes-Lewis
• Re: [WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript, Chris Hofmann
• [WEB SECURITY] XSS at Netcraft.com, Valery Marchuk
• [WEB SECURITY] [Administrative] List slow down, robert
• Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond, Amit Klein (AKsecurity)
  • RE: [WEB SECURITY] JavaScript Malware, port scanning, and beyond, Billy Hoffman
    • RE: [WEB SECURITY] JavaScript Malware, port scanning, and beyond, Amit Klein (AKsecurity)
      • Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond, Achim Hoffmann
      • Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond, Amit Klein (AKsecurity)
  • <Possible follow-ups>
  • Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond, Amit Klein (AKsecurity)
    • Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond, Amit Klein (AKsecurity)