Full Disclosure mailing list archives

Re: Fun with Foundstone

From: pagvac <unknown.pentester () gmail com>
Date: Thu, 16 Feb 2006 20:04:11 +0000

On 2/14/06, Jason Coombs <jasonc () science org> wrote:

orangeofficer () hushmail com wrote:

https://download.foundstone.com/?o=^2155
Now that's just plain sloppy.


But at least it's SSL-secured.


SSL provides privacy *not* security (web server/application is still
vulnerable to attacks).

Also, this https encryption can be beneficial for attackers to avoid
IDS alarms if IDS is *not* located on the target server that provides
the https connection.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Fun with Foundstone orangeofficer (Feb 14)
- Re: Fun with Foundstone Dave Korn (Feb 14)
  - Re: Re: Fun with Foundstone ad () heapoverflow com (Feb 14)
    - RE: Re: Fun with Foundstone Debasis Mohanty (Feb 14)
    - Re: Re: Fun with Foundstone Dave Korn (Feb 15)
    - RE: Re: Re: Fun with Foundstone Debasis Mohanty (Feb 15)
    - Re: Re: Fun with Foundstone Dave Korn (Feb 15)
- Re: Fun with Foundstone Andrew Farmer (Feb 14)
- Re: Fun with Foundstone Jason Coombs (Feb 14)
  - Re: Fun with Foundstone pagvac (Feb 16)