Re: [Full-disclosure] Not even the NSA can get it right



On 5/25/05, Castigliola, Angelo <ACastigliola@xxxxxxxxxxxxxxxxx> wrote:
> What would XSS on NSA.GOV get a hacker anyways? Steal my NSA.GOV cookie
> 
> "CFID
> 756140
> nsa.gov/
> 1024
> 2871474816
> 31895379
> 3010520960
> 29692615
> *
> CFTOKEN
> 41950083
> nsa.gov/
> 1024
> 2871474816
> 31895379
> 3010820960
> 29692615
> *"
> 
> Don't think a hacker could do much with this. At best someone could try
> to use the exploit to phish passwords from NSA.GOV employees.
> 
> -Angelo Castigliola III
> Security Architect
> 

I don't know about you, but I personally think you could do quite a
bit of identity theft by seeing a few NSA applicants' resumes. Who
else would be more willing to give a "recruiter" sensitive personal
information?

https://www.nsa.gov/applyonline/index.html

AnthraX101
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/