Full Disclosure mailing list archives
iName/Mail.com security holes opens door to millions of e-mail accounts
From: full-disclosure () lists netsys com (Andrew G. Tereschenko)
Date: Fri, 30 Aug 2002 14:54:12 +0300
----- Original Message ----- From: "Colt Peacemaker" <colt45 () sdf lonestar org> Sent: Friday, August 30, 2002 8:46 AM
Heh. Posting on full-disclosure seems to have set the cat among the pigeons there ... AFAICT they seem to have disabled a lot of other stuff over the last 12 hours or so (javascript for example).
Disagree. They was unable to completely fix HTML attachment bug. Mail.com has all bugs discovered in other free email systems for last 2-3 years. I still have example replacing down group of buttons and firing javascript in onSubmit event Mail.com has changed /scripts/common/profile.cgi script. (finaly !!). But i still think that it's possible to get session cookies and use them for evil purpose. I give ~15 hours to Mail.com to find solution and will update my example email if they will fail. As for a javascript - only minor changes was made. Not a complete solution. -- Andrew G. Tereschenko TAG Software Research Lab Odessa, Ukraine
Current thread:
- iName/Mail.com security holes opens door to millions of e-mail accounts Andrew G. Tereschenko (Aug 28)
- iName/Mail.com security holes opens door to millions of e-mail accounts Colt Peacemaker (Aug 29)
- iName/Mail.com security holes opens door to millions of e-mail accounts Andrew G. Tereschenko (Aug 29)
- iName/Mail.com security holes opens door to millions of e-mail accounts Colt Peacemaker (Aug 29)
- iName/Mail.com security holes opens door to millions of e-mail accounts Andrew G. Tereschenko (Aug 30)
- iName/Mail.com security holes opens door to millions of e-mail accounts Andrew G. Tereschenko (Aug 29)
- iName/Mail.com security holes opens door to millions of e-mail accounts Colt Peacemaker (Aug 29)
- iName/Mail.com security holes opens door to millions of e-mail accounts Berend-Jan Wever (Aug 31)