Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


Re: [security-alerts] Securitylab.ru - lamers ?



Kazennov, Vladimir wrote:

Are they completely stupid, posting a falsified message with an XSS link? Who writes their news, I wonder?

And the funny thing is that foxnews allows foreign code to be included in its pages, which is what is demonstrated here :)

http://foxsports.foxnews.com/nfl/pgStory?contentId=5867020&pageNumber=1%40%3C/title%3E%3Cimg%20src='http://www.securitylab.ru/test/3.jpg'%3E&slideShow=true

-- Alexander Dilevsky
mailto:dil@xxxxxx

-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of full-disclosure-request@xxxxxxxxxxxxxxxxx
Sent: Wednesday, August 30, 2006 3:00 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Full-Disclosure Digest, Vol 18, Issue 72

----------------------------------------------------------------------

Message: 1
Date: Wed, 30 Aug 2006 08:58:40 +0300
From: "Valery Marchuk" <tecklord@xxxxxxxxxxxxx>
Subject: [Full-disclosure] FoxNews: Paralysis of the Fifth Power
To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Message-ID: <004601c6cbf9$59595600$0400a8c0@pc4>
Content-Type: text/plain; format=flowed; charset="koi8-r";
        reply-type=original

Last week Russian hackers attacked top news agencies web sites. Work in these agencies was almost completely paralyzed by mass defaces. Russian hackers replaced published news by anti-American slogan "Neft' bliznego vostoka - dostoyanee chelovechestva. Russkaya Komputernaya Mafia." (Oil of Middle East belongs to all humanity. Russian Computer Mafia).

More at http://www.securitylab.ru/news/extra/273022.php




------------------------------
------------------------------

Message: 3
Date: Wed, 30 Aug 2006 03:18:34 -0300
From: cardoso <cardosolistas@xxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] FoxNews: Paralysis of the Fifth Power
To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Message-ID: <20060830031213.D6E6.CARDOSOLISTAS@xxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="ISO-8859-1"

Lesson #1:

When creating a fake page, find someone with a reasonable knowledge of
the english language AND HTML skills.

Lesson#2

using plain JPEGs don't make a very realistic fake page from whatever
site you want to pretend defacing.

Lesson#3

Fake news on Fox News ?? you really want to pass unnoticed...



On Wed, 30 Aug 2006 08:58:40 +0300
"Valery Marchuk" <tecklord@xxxxxxxxxxxxx> wrote:

Last week Russian hackers attacked top news agencies web sites. Work in these agencies was almost completely paralyzed by mass defaces. Russian hackers replaced published news by anti-American slogan "Neft' bliznego vostoka - dostoyanee chelovechestva. Russkaya Komputernaya Mafia." (Oil of Middle East belongs to all humanity. Russian Computer Mafia).

More at http://www.securitylab.ru/news/extra/273022.php


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-------------------------------------------------------------
Carlos Cardoso - "Blogueiro Inconformado"
http://www.carloscardoso.com <== sacanagem
http://www.contraditorium.com <== ProBlogging e cultura digital
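
The reply at the top of this thread points out that the site reflects the `pageNumber` query parameter into the page unescaped. The following is an added example, not part of the original messages or of any site's code: it decodes the posted URL, rejects parameters that fail a strict allow-list, and shows the same value HTML-escaped for the `<title>` context. The parameter schema and the `render_title` helper are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed schema: the page does not document these parameters; the expected
# formats are inferred from the values in the posted URL.
SCHEMA = {
    "contentId": re.compile(r"[0-9]{1,12}"),
    "pageNumber": re.compile(r"[0-9]{1,4}"),
    "slideShow": re.compile(r"true|false"),
}

# The URL from the message above, unchanged.
POSTED_URL = (
    "http://foxsports.foxnews.com/nfl/pgStory?contentId=5867020"
    "&pageNumber=1%40%3C/title%3E%3Cimg%20src="
    "'http://www.securitylab.ru/test/3.jpg'%3E&slideShow=true"
)


def check_query(url):
    """Return {name: decoded value} for every parameter that fails the schema."""
    rejected = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        pattern = SCHEMA.get(name)
        # Unknown parameters are rejected too: allow-list, not block-list.
        if pattern is None or not pattern.fullmatch(value):
            rejected[name] = value
    return rejected


def render_title(page_number):
    """Hypothetical template step: the value goes inside <title>, HTML-escaped."""
    return "<title>Story, page " + html.escape(page_number, quote=True) + "</title>"


if __name__ == "__main__":
    for name, value in check_query(POSTED_URL).items():
        print("rejected:", name, repr(value))
        print("escaped: ", render_title(value))
```

Validation and output escaping are independent layers: a numeric parameter should be rejected before rendering, and anything that is rendered should still be escaped for its context.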









 



