funsec mailing list archives

Re: Geeze, you would think THEY would know better!!!


From: "Hubbard, Dan" <dhubbard () websense com>
Date: Mon, 23 Feb 2009 06:23:33 -0800

"Insecurity by acquisition"



-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Nick FitzGerald
Sent: Sunday, February 22, 2009 4:51 AM
To: funsec () linuxbox org
Subject: Re: [funsec] Geeze, you would think THEY would know better!!!

Jon Kibler wrote:

Okay, I admit that I am lazy. Rather than try to remember (or find in my
ton of bookmarks) the home page with HP for the App Sec group that
used to be SpiDynamics, I still use the URL: http://www.spidynamics.com/

Well, that now gives the following error dump! I would think that if ANY
group knew better than to expose the guts of their system when an error
occurred, it would be HP's App Sec group!!

You're joking, right?

These are the same folk who wrote a blog item (very good in what it 
covered) that included (deserved) comments about open redirectors as a 
tool the scammers were increasingly using.  The post was by a self-
described "Security Evangelist" and "expert in web application security". 
Sadly, the blog-ware they used had its own, trivially obvious to the most 
cursory of glances, open redirector to provide its "link to the poster's 
homepage" functionality.

Some "web application security expert"...


Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



