[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: SSL VPNs and security

To: E Mintz <net4n6@xxxxxxxxx>
Subject: [Full-disclosure] Re: SSL VPNs and security
From: Michal Zalewski <lcamtuf@xxxxxxxxxxxx>
Date: Fri, 9 Jun 2006 08:31:51 +0200 (CEST)

On Fri, 9 Jun 2006, E Mintz wrote:

> How about some real-world, application specific exploits?

There's an example of a XSS that can be used to compromise Cisco Web VPN
session in the text.

> So, please show me an example of an actual compromise and I'll listen.
> Otherwise, put up, or shut up!

You're not strictly required to listen, you know ;)

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- [Full-disclosure] Re: SSL VPNs and security
  - From: E Mintz

References:
- [Full-disclosure] SSL VPNs and security
  - From: Michal Zalewski

Prev by Date: Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.
Next by Date: [Full-disclosure] [USN-288-2] PostgreSQL server/client vulnerabilities
Previous by thread: [Full-disclosure] SSL VPNs and security
Next by thread: [Full-disclosure] Re: SSL VPNs and security
Index(es):
- Date
- Thread