|
Why world’s
leading security companies don’t take care of their security? I`ve published some of XSS vulnerabilities in my blog and forwarded them to full-disclosure. But it seems like leading security companies don`t even think of fixing these bugs. Cisco, Microsoft, Symantec, NSA, F-Secure, AOL, Sun, IBM, eEye still have vulnerabilities in their web sites. Is there any chance to protect ourselves from this threat? How can we trust these companies, if their web sites may allow hackers to compromise our computers and get access to our bank accounts?
Demostration exploit of XSS vulnerability at Verisign is availabe at http://www.securitylab.ru/verisign.php
Other vulnerabilities cat be found at http://www.securitylab.ru/blog/tecklord/?category=19
Have a nice day, Valery
|
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
