funsec mailing list archives
RE: Is this a hoax?
From: Blanchard_Michael () emc com
Date: Thu, 28 Jun 2007 16:51:48 -0400
Yup, XSS ceretainly had to get old to some of them.... This part of the article had me thinking it is a hoax... "In Check Point's case, CSRF was possible when a user was logged onto https://my.firewall at the same time he or she was connected to a malicious Website, according to the company's patch release information." Now, this piece sounds ok, but the word "patch" is a link over to: http://koti.mbnet.fi/wdd/dickcurless.jpg interesting :-) Michael P. Blanchard Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security & Risk Management EMC ² Corporation 4400 Computer Dr. Westboro, MA 01580 -----Original Message----- From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] Sent: Thursday, June 28, 2007 4:39 PM To: Blanchard, Michael (InfoSec) Cc: funsec () linuxbox org Subject: Re: [funsec] Is this a hoax? On Thu, 28 Jun 2007 15:57:21 EDT, Blanchard_Michael () emc com said:
Sure seems like a hoax or other baddie to me.
Looks more like a wake-up call to me. Another DarkReading link: http://www.darkreading.com/document.asp?doc_id=126560 "The most famous CSRF attack was the Samy worm that crippled MySpace last year. The attacker used a toxic combination of XSS and CSRF exploits to wreak havoc on the social networking site." I cant comment on whether this *current* one is for real, but the concept that 'they got bored with XSS and went looking for CSRF" certainly strikes me as a *plausible* event. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Description of the Intel CPU bugs Richard M. Smith (Jun 28)
- RE: Description of the Intel CPU bugs Larry Seltzer (Jun 28)
- RE: Description of the Intel CPU bugs Larry Seltzer (Jun 28)
- Re: Description of the Intel CPU bugs Valdis . Kletnieks (Jun 28)
- RE: Description of the Intel CPU bugs Larry Seltzer (Jun 28)
- Re: Description of the Intel CPU bugs Matthew Murphy (Jun 28)
- Is this a hoax? Blanchard_Michael (Jun 28)
- Re: Is this a hoax? B.K. DeLong (Jun 28)
- Re: Is this a hoax? Valdis . Kletnieks (Jun 28)
- RE: Is this a hoax? Blanchard_Michael (Jun 28)
- Re: Description of the Intel CPU bugs Valdis . Kletnieks (Jun 28)
- RE: Description of the Intel CPU bugs Larry Seltzer (Jun 28)
- Re: Description of the Intel CPU bugs Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jun 30)
- Re: Description of the Intel CPU bugs Gadi Evron (Jun 28)
- Re: Description of the Intel CPU bugs Dude VanWinkle (Jun 28)
- Re: Description of the Intel CPU bugs Valdis . Kletnieks (Jun 28)