[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] www.dia.mil

To: <Valdis.Kletnieks@xxxxxx>, Razi Shaban <razishaban@xxxxxxxxx>
Subject: Re: [Full-disclosure] www.dia.mil
From: "Adrian P." <unknown.pentester@xxxxxxxxx>
Date: Wed, 29 Oct 2008 10:02:20 +0000

Welcome to the web! 

1 website = content retrieved from dozens/hundreds of sites. Much more than 
what the browser's address bar shows ;)

Think of ad banners, analytics JS ("legit" spyware), static content served from 
high-speed embedded httpds, etc ...

And yes, there are security implications to this design problem.

-----Original Message-----
From: Valdis.Kletnieks@xxxxxx
Sent: 27 October 2008 17:22
To: Razi Shaban <razishaban@xxxxxxxxx>
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] www.dia.mil

On Mon, 27 Oct 2008 21:07:46 +0400, Razi Shaban said:
> On Mon, Oct 27, 2008 at 7:59 PM, Bipin Gautam <bipin.gautam@xxxxxxxxx> wrote:
> >
> > A picture is worth a thousand words.
> >
> > But whats so wrong about it?
> >
> > :P
> 
> 
> So what?

A US intelligence agency is basically betting the bank that statcounter.com,
a company apparently based in Ireland, doesn't get pwned or subverted.

Does that give you warm-n-fuzzies?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] www.dia.mil
  - From: Viktor Larionov

Prev by Date: [Full-disclosure] Tool update: VoIPER v0.07
Next by Date: Re: [Full-disclosure] www.dia.mil
Previous by thread: Re: [Full-disclosure] www.dia.mil
Next by thread: Re: [Full-disclosure] www.dia.mil
Index(es):
- Date
- Thread