Re: [Full-disclosure] [0 Day] XSS Persistent in Blogspot of Google

2013-01-29 Thread Guifre
, and therefore it's not a vulnerability but a feature. Regards, Guifre. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] The email that hacks you

2012-11-28 Thread Guifre
... The problem is the CSRF weaknesses of your router admin panel that should be fixed by synchronizing a secret token or by using any other well known mitigation strategy against these attacks. Best Regards, Guifre.

Re: [Full-disclosure] OT Google raises sploit bounties

2012-11-26 Thread Guifre
FYI, the main vendors offering bug bounty programs recently had an interesting discussion in the OWASP AppSecUSA 2012 conference http://vimeo.com/53947419 Cheers, Guifre.