Full Disclosure mailing list archives

Re: Not even the NSA can get it right


From: Aaron Horst <anthrax101 () gmail com>
Date: Thu, 26 May 2005 10:44:51 -0400

On 5/25/05, Castigliola, Angelo <ACastigliola () unumprovident com> wrote:
> What would XSS on NSA.GOV get a hacker anyways? Steal my NSA.GOV cookie
>
> "CFID
> 756140
> nsa.gov/
> 1024
> 2871474816
> 31895379
> 3010520960
> 29692615
> *
> CFTOKEN
> 41950083
> nsa.gov/
> 1024
> 2871474816
> 31895379
> 3010820960
> 29692615
> *"
>
> Don't think a hacker could do much with this. At best someone could try
> to use the exploit to phish passwords from NSA.GOV employees.
>
> -Angelo Castigliola III
> Security Architect


I don't know about you, but I personally think you could do quite a
bit of identity theft by seeing a few NSA applicants' resumes. Who
else would be more willing to give a "recruiter" sensitive personal
information?

https://www.nsa.gov/applyonline/index.html

AnthraX101
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

