The Web Security Mailing List (2006 December)

Date Index

[WEB SECURITY] [NGSEC] ngGame #3 - BrainStorming (fwd), bugtraq
[WEB SECURITY] Fierce domain scan released, RSnake
[WEB SECURITY] XSS caused by Greasemonkey userscript, Martin Johns
[WEB SECURITY] ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Amit Klein
- [WEB SECURITY] Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Martin Johns
Re: [WEB SECURITY] (somewhat) breaking the same-origin policy by undermining dns-pinning, Kanatoko
[WEB SECURITY] DNS-Pinning demo, Kanatoko
[WEB SECURITY] new backframe release, pdp (architect)
[WEB SECURITY] Congressional aide punk'd, then fired, bugtraq
[WEB SECURITY] Automated Privilege Escalation Testing in Web Applications - a whitepaper, Ory Segal
RE: [WEB SECURITY] Tools or software for hacking windows/iis., TUSHAR VARTAK /ISG/INFOTECH/BKC
[WEB SECURITY] The lack of security enabled frameworks is why we're vulnerable, bugtraq
- Re: [WEB SECURITY] The lack of security enabled frameworks is why we're vulnerable, Brian Eaton
  - Re: [WEB SECURITY] The lack of security enabled frameworks is why we're vulnerable, Jeff Robertson
- Re: [WEB SECURITY] The lack of security enabled frameworks is why we're vulnerable, Jeremiah Grossman
[WEB SECURITY] RE: Metasploit, Schmidt, Albert E
- <Possible follow-ups>
- RE: [WEB SECURITY] RE: Metasploit, Hayes, Bill
[WEB SECURITY] Cross domain access using JavaScript document.referrer, Kanatoko
- Re: [WEB SECURITY] Cross domain access using JavaScript document.referrer, Amit Klein
  - Re: [WEB SECURITY] Cross domain access using JavaScript document.referrer, Kanatoko
[WEB SECURITY] EV SSL certificates, Brian Eaton
- [WEB SECURITY] Tools or software for hacking windows/iis., Schmidt, Albert E
  - RE: [WEB SECURITY] Tools or software for hacking windows/iis., Will Jefferies
    - RE: [WEB SECURITY] Tools or software for hacking windows/iis., Sels, Roger
    - RE: [WEB SECURITY] Tools or software for hacking windows/iis., Hauser, Donald
    - RE: [WEB SECURITY] Tools or software for hacking windows/iis., Schmidt, Albert E
  - RE: [WEB SECURITY] Tools or software for hacking windows/iis., GeminiConsulting
    - RE: [WEB SECURITY] Tools or software for hacking windows/iis., Schmidt, Albert E
  - RE: [WEB SECURITY] Tools or software for hacking windows/iis., Jarmon, Don R
    - RE: [WEB SECURITY] Tools or software for hacking windows/iis., Schmidt, Albert E
- Re: [WEB SECURITY] EV SSL certificates, bugtraq
- <Possible follow-ups>
- RE: [WEB SECURITY] EV SSL certificates, TUSHAR VARTAK /ISG/INFOTECH/BKC
  - Re: [WEB SECURITY] EV SSL certificates, Mike Fratto
[WEB SECURITY] comparing information security to other industries, KT
- RE: [WEB SECURITY] comparing information security to other industries, Will Jefferies
- [WEB SECURITY] Re: [Full-disclosure] comparing information security to other industries, Valdis . Kletnieks
  - [WEB SECURITY] Re: [Full-disclosure] comparing information security to other industries, coderman
    - Re: [WEB SECURITY] Re: [Full-disclosure] comparing information security to other industries, Andre Gironda
    - [WEB SECURITY] Re: [Full-disclosure] [WEB SECURITY] Re: comparing information security to other industries, coderman
- [WEB SECURITY] Re: [Full-disclosure] comparing information security to other industries, Nancy Kramer
  - Re: [WEB SECURITY] Re: [Full-disclosure] comparing information security to other industries, Dinis Cruz
- [WEB SECURITY] Re: [Full-disclosure] comparing information security to other industries, Michael Zimmermann
  - [WEB SECURITY] Re: [Full-disclosure] comparing information security to other industries, Brian Eaton
    - [WEB SECURITY] Re: [Full-disclosure] comparing information security to other industries, Michael Zimmermann
[WEB SECURITY] IE7 Phishing Filter Tells Microsoft The URLS You Visit?, bugtraq
- RE: [WEB SECURITY] IE7 Phishing Filter Tells Microsoft The URLS You Visit?, Chris Weber
  - Re: [WEB SECURITY] IE7 Phishing Filter Tells Microsoft The URLS You Visit?, Shane Forsythe
    - Re[2]: [WEB SECURITY] IE7 Phishing Filter Tells Microsoft The URLS You Visit?, Thierry Zoller
- Re: [WEB SECURITY] IE7 Phishing Filter Tells Microsoft The URLS You Visit?, Jason Muskat, GCFA, GCUX, de VE3TSJ
[WEB SECURITY] PHP security under scrutiny, bugtraq
[WEB SECURITY] Session hijacking via XSS vuln requring POST impossible?, Holger.Peine
- Re: [WEB SECURITY] Session hijacking via XSS vuln requring POST impossible?, Jeff Robertson
- Re: [WEB SECURITY] Session hijacking via XSS vuln requring POST impossible?, Thierry Zoller
- Re: [WEB SECURITY] Session hijacking via XSS vuln requring POST impossible?, James Landis
- Re: [WEB SECURITY] Session hijacking via XSS vuln requring POST impossible?, RSnake
- Re: [WEB SECURITY] Session hijacking via XSS vuln requring POST impossible?, Brian Eaton
- <Possible follow-ups>
- RE: [WEB SECURITY] Session hijacking via XSS vuln requring POST impossible?, Holger.Peine
[WEB SECURITY] Odysseus 2.0 / Telemachus 1.0 (Beta), Dave
[WEB SECURITY] Top 10 Web Hacks of 2006, Jeremiah Grossman
[WEB SECURITY] Backdooring Image Files - security notice, pdp (architect)
- Re: [WEB SECURITY] Backdooring Image Files - security notice, John GALLET
  - Re: [WEB SECURITY] Backdooring Image Files - security notice, ascii
    - Re: [WEB SECURITY] Backdooring Image Files - security notice, John GALLET
  - Message not available
    - RE: [WEB SECURITY] Backdooring Image Files - security notice, Billy Hoffman
- [WEB SECURITY] Re: [Full-disclosure] Backdooring Image Files - security notice, HASEGAWA Yosuke
[WEB SECURITY] What problem have this Rijndael(.NET&PHP) code?, 김영일
- [WEB SECURITY] Re: What problem have this Rijndael(.NET&PHP) code?, Scott C. Sanchez
- [WEB SECURITY] Re: What problem have this Rijndael(.NET&PHP) code?, Peter Conrad
  - [WEB SECURITY] RE: What problem have this Rijndael(.NET&PHP) code?, Wall, Kevin
- [WEB SECURITY] Re: What problem have this Rijndael(.NET&PHP) code?, Jamie Riden
[WEB SECURITY] Certifications, Ankur Jindal
- Re: [WEB SECURITY] Certifications, A. Ramos
- <Possible follow-ups>
- RE: [WEB SECURITY] Certifications, TUSHAR VARTAK /ISG/INFOTECH/BKC
  - Re: [WEB SECURITY] Certifications, Ankur Jindal
[WEB SECURITY] Application Security Predictions of 2007, bugtraq
[WEB SECURITY] JavaScript WebSite Login Checker, Jeremiah Grossman
- Re: [WEB SECURITY] EV SSL certificates, Michael Sutton
[WEB SECURITY] New two-stage login procedure, Gervase Markham
- Re: [WEB SECURITY] New two-stage login procedure, Brian Eaton
  - Re: [WEB SECURITY] New two-stage login procedure, Brian Eaton
    - Re: [WEB SECURITY] New two-stage login procedure, Esteban RibiÄiÄ
    - Re: [WEB SECURITY] New two-stage login procedure, Esteban RibiÄiÄ
    - Re: [WEB SECURITY] New two-stage login procedure, H. Morrow Long
    - Re: [WEB SECURITY] New two-stage login procedure, Brian Eaton
    - Re: [WEB SECURITY] New two-stage login procedure, Nick Owen
    - Re: [WEB SECURITY] New two-stage login procedure, Brian Eaton
    - Re: [WEB SECURITY] New two-stage login procedure, Esteban RibiÄiÄ
    - Re: [WEB SECURITY] New two-stage login procedure, nowen
    - RE: [WEB SECURITY] New two-stage login procedure, Henry Troup
    - Re: [WEB SECURITY] New two-stage login procedure, Nick Owen
    - Re: [WEB SECURITY] New two-stage login procedure, Brian Eaton
    - Re: [WEB SECURITY] New two-stage login procedure, Nick Owen
    - Re: [WEB SECURITY] New two-stage login procedure, Esteban RibiÄiÄ
    - RE: [WEB SECURITY] New two-stage login procedure, Billy Hoffman
    - RE: [WEB SECURITY] New two-stage login procedure, Wade Millican
    - Re: [WEB SECURITY] New two-stage login procedure, Gervase Markham
    - Re: [WEB SECURITY] off-topic New two-stage login procedure, Chip Mefford
  - Re: [WEB SECURITY] New two-stage login procedure, Theo Spears
- Re: [WEB SECURITY] New two-stage login procedure, Brian Eaton
- <Possible follow-ups>
- RE: [WEB SECURITY] New two-stage login procedure, Mark Mcdonald
  - RE: [WEB SECURITY] New two-stage login procedure, Wade Millican
    - RE: [WEB SECURITY] New two-stage login procedure, Martin O'Neal
    - Re: [WEB SECURITY] New two-stage login procedure, Gervase Markham
    - Re: [WEB SECURITY] New two-stage login procedure, James Landis
    - Re: [WEB SECURITY] New two-stage login procedure, Brian Eaton
    - Re: [WEB SECURITY] New two-stage login procedure, James Landis
    - Re: [WEB SECURITY] New two-stage login procedure, Brian Eaton
    - Message not available
    - Re: [WEB SECURITY] New two-stage login procedure, Brian Eaton
  - Re: [WEB SECURITY] New two-stage login procedure, Gervase Markham
[WEB SECURITY] WASC Articles Project - Call for Participants, robert
[WEB SECURITY] WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz, robert
[WEB SECURITY] XSS worm attacking Google?, Billy Hoffman
- Re: [WEB SECURITY] XSS worm attacking Google?, pdp (architect)
  - Re: [WEB SECURITY] XSS worm attacking Google?, Kuai Hinojosa
    - RES: [WEB SECURITY] XSS worm attacking Google?, Denny Roger
[WEB SECURITY] Analysis, Source-code of the MySpace Quicktime worm, Billy Hoffman
- <Possible follow-ups>
- Re: [WEB SECURITY] Analysis, Source-code of the MySpace Quicktime worm, Steve Orrin
[WEB SECURITY] security of GUID, Noon Tar
- RE: [WEB SECURITY] security of GUID, Chris Weber
[WEB SECURITY] Middle tier application security, Ankur Jindal
[WEB SECURITY] New MySpace worm could be on its way, pdp (architect)
[WEB SECURITY] Web Application Security Professionals Survey (Dec. 2006), Jeremiah Grossman
- Re: [WEB SECURITY] *Results* Web Application Security Professionals Survey (Dec. 2006), Jeremiah Grossman
[WEB SECURITY] Web security courses, Lazaros Hoppas
- RE: [WEB SECURITY] Web security courses, Sebastien Deleersnyder
- Re: [WEB SECURITY] Web security courses, Vicente Aguilera
- Re: [WEB SECURITY] Web security courses, Dan Kuykendall
Re: [WEB SECURITY] Vulnerability Scanning Web 2.0 Client-Side Components, Jason Muskat, GCFA, GCUX, de VE3TSJ
[WEB SECURITY] PoC - ajax worm, Anurag Agarwal
- Re: [WEB SECURITY] PoC - ajax worm, Jason Muskat, GCFA, GCUX, de VE3TSJ
[WEB SECURITY] Microsoft Anti-Cross Site Scripting Library V1.5 is Released, Whelan. Andy \(Group IS Security\)
[WEB SECURITY] MySpace XSS+Phishing attack using Movies, Billy Hoffman
- Re: [WEB SECURITY] MySpace XSS+Phishing attack using Movies, Jason Muskat, GCFA, GCUX, de VE3TSJ
[WEB SECURITY] A few more tricks for JavaScript/HTML scanning..., Stefan Esser
RE: [WEB SECURITY] XSS Question, nitin patel
- <Possible follow-ups>
- RE: [WEB SECURITY] XSS Question, Billy Hoffman
- Re: [WEB SECURITY] XSS Question, pdp (architect)
Re: [WEB SECURITY] standards for session tokens, Brian Eaton
- Re: [WEB SECURITY] standards for session tokens, Randall Hansen
  - RE: [WEB SECURITY] standards for session tokens, Billy Hoffman
  - Re: [WEB SECURITY] standards for session tokens, Brian Eaton
Re: [WEB SECURITY] Should software vendors come clean about application vulnerabilities?, Greenarrow 1
- Re: [WEB SECURITY] Should software vendors come clean about application vulnerabilities?, Anurag Agarwal
- <Possible follow-ups>
- RE: [WEB SECURITY] Should software vendors come clean about application vulnerabilities?, Josh Shulman

Brought to you by http://www.webappsec.org
Search this site