[VIM] Do world's famous companies take care of their security? (fwd)

Sullo sullo at cirt.net
Mon Jul 31 08:04:50 EDT 2006


Personally, I think it would take away almost all of the "useful" FD
content that isn't duplicated on bugtraq. 

I just don't see the point.

security curmudgeon wrote:
>
> Curious what the VDB crowd thinks of a list specifically created for
> the disclosure of XSS bugs?
>
> And if not XSS, substitute that with any other type.
>
> ---------- Forwarded message ----------
> From: Valery Marchuk <tecklord at argocom.cv.ua>
> To: bugtraq at securityfocus.com, full-disclosure at lists.grok.org.uk
> Date: Mon, 31 Jul 2006 11:17:20 +0300
> Subject: [Full-disclosure] Do world's famous companies take care of their
>     security?
>
> Do world's famous companies take care of their security?
>
>
>
> There was discussion last week in the Full-Disclosure about XSS
> vulnerabilities in reply to XSS vulns in PayPal and Gadi Evron
> suggested creation of a separate mailing list for just XSS
> vulnerabilities. I would agree with him if PayPal and many other
> world's famous companies tried at least to patch such bugs:
>
> The incident with Netscape must be an example for everyone. Actually I
> don't understand the behavior of such companies. XSS bugs are easy to
> discover and easy to fix, so what's the problem? And instead of
> monitoring bugs these companies just put their customers at risk.
> That's how they do their business and that's how they take care of us
> - their customers.
>
> There are XSS flaws at Digg's and Netscape's web sites. Are they
> planning to fix them?
>
>
>
> There are still XSS flaws at PayPal's web site (two years and one week
> after XSS bugs were revealed). Are they planning to fix them?
>
>
>
> Examples of XSS vulns are in my blog at
>
> http://www.securitylab.ru/blog/tecklord/?category=19
>
>
>
> I will publish such information in my blog and hope that companies
> will take care of their security.
>
>
>
>
> Valery Marchuk
>
>
>


-- 

http://www.cirt.net/      |     http://www.osvdb.org/


