Full Disclosure mailing list archives
Re: Not even the NSA can get it right
From: Aaron Horst <anthrax101 () gmail com>
Date: Thu, 26 May 2005 10:44:51 -0400
On 5/25/05, Castigliola, Angelo <ACastigliola () unumprovident com> wrote:
What would XSS on NSA.GOV get a hacker anyways? Steal my NSA.GOV cookie "CFID 756140 nsa.gov/ 1024 2871474816 31895379 3010520960 29692615 * CFTOKEN 41950083 nsa.gov/ 1024 2871474816 31895379 3010820960 29692615 *" Don't think a hacker could do much with this. At best someone could try to use the exploit to phish passwords from NSA.GOV employees. -Angelo Castigliola III Security Architect
I don't know about you, but I personally think you could do quite a bit of identity theft by seeing a few NSA applicants' resumes. Who else would be more willing to give a "recruiter" sensitive personal information? https://www.nsa.gov/applyonline/index.html AnthraX101 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Not even the NSA can get it right, (continued)
- Re: Not even the NSA can get it right James Tucker (May 27)
- Re: Not even the NSA can get it right Eric Paynter (May 30)
- Re: Not even the NSA can get it right Mister Coffee (May 25)
- Re: Not even the NSA can get it right Virus Friendly (May 26)
- Re: Not even the NSA can get it right Paul Kurczaba (May 25)
- Re: Not even the NSA can get it right imipak (May 25)
- RE: Not even the NSA can get it right Lachniet, Mark (May 25)
- RE: Not even the NSA can get it right Castigliola, Angelo (May 25)
- RE: Not even the NSA can get it right James Longstreet (May 25)
- Re: Not even the NSA can get it right Valdis . Kletnieks (May 25)
- Re: Not even the NSA can get it right Aaron Horst (May 26)