[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability
- To: BlackHawk <hawkgotyou@xxxxxxxxx>
- Subject: Re: [Full-disclosure] [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability
- From: "M.B.Jr." <marcio.barbado@xxxxxxxxx>
- Date: Thu, 17 Jan 2008 18:33:08 -0200
Guess Fredrick's sarcastic and cynical suggestion is:
xss-like menaces seems as unstoppable as this web-slavery the industry imposes.
Well, if so, I agree.
On 1/17/08, BlackHawk <hawkgotyou@xxxxxxxxx> wrote:
> > ======
> > 4) Fix
> > ======
>
> > Notepad should be rewritten to filter potentially dangerous
> > characters. Characters can be converted to their html encoded
> > equivalents.
>
> translated: you CAN'T write pages in HTML with any program..
>
> >Fredrick Diggle Security Services is probably the best application
> >security researchers on the scene this month. They have identified
> >several hundred thousand vulnerabilities this week[..]
>
> i think you must read this:
> http://www.amazon.com/PCs-Dummies-Quick-Reference-Gookin/dp/0764507222
>
>
> --
> Best regards,
> BlackHawk mailto:hawkgotyou@xxxxxxxxx
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Marcio Barbado, Jr.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/