Re: [SC-L] JavaScript Hijacking

2007-04-19 Thread Brian Chess
Frederik De Keukelaere [EMAIL PROTECTED] writes: Would you mind sharing the different data formats you came across for exchanging data in mashups/Web 2.0? Considering the challenges you recently discovered, it might be good to have such an overview to look at it from a security point of view.

Re: [SC-L] State Department break-in last summer

2007-04-19 Thread Nick FitzGerald
Ed Reed wrote: This article describes a Trojan horse attack introduced via MS Office (Word) documents that provided remote access by adversaries to compromised systems. It doesn't say if the exploit - design flaw