[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Google auto redirect
- To: Juan Galiana <jgaliana@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Google auto redirect
- From: Chris Evans <scarybeasts@xxxxxxxxx>
- Date: Wed, 14 Jul 2010 10:33:23 -0700
On Wed, Jul 14, 2010 at 10:32 AM, Chris Evans <scarybeasts@xxxxxxxxx> wrote:
> On Wed, Jul 14, 2010 at 10:19 AM, Juan Galiana <jgaliana@xxxxxxxxx> wrote:
>> In fact, open redirect is considered a vulnerability commonly involved in
>> phishing attacks.
>
> .... by people who have a cursory but non-thorough understanding of security.
>
> http://scarybeastsecurity.blogspot.com/
Oops, the long-term link is:
http://scarybeastsecurity.blogspot.com/2010/06/open-redirectors-some-sanity.html
Cheers
Chris
>
> To be fair, it is an area of some subtlety involving what browsers do
> and do not guarantee in terms of security indicators; and more
> importantly, misconceptions around capabilities and mindset of the
> less-technical end users that we as a community are trying to protect.
>
>
> Cheers
> Chris
>
>>
>> http://www.owasp.org/index.php/Open_redirect
>>
>> On Wed, Jul 14, 2010 at 6:03 PM, Mario Vilas <mvilas@xxxxxxxxx> wrote:
>>>
>>> did you actually try the link? cause it worked for me...
>>>
>>> On Wed, Jul 14, 2010 at 12:14 PM, McGhee, Eddie <Eddie.McGhee@xxxxxxx>
>>> wrote:
>>>>
>>>> come on what's funny about encoding a url? you don't see this as
>>>> a vuln????? REALLY???? geez peace...
>>>> ________________________________
>>>> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
>>>> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Marshall
>>>> Whittaker
>>>> Sent: 13 July 2010 21:17
>>>> To: full-disclosure@xxxxxxxxxxxxxxxxx
>>>> Subject: [Full-disclosure] Google auto redirect
>>>>
>>>> I don't really consider this a vulnerability, but it's funny.
>>>>
>>>>
>>>> http://www.google.com/search?q=%79%61%68%6F%6F&ie=ISO-8859-1&source=hp&hl=en&btnI=I%26%2339;%69%6D%2B%46%65%65%6C%69%6E%67%2B%4C%75%63%6B%79
>>>>
>>>> -- oxagast
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>>
>>>
>>> --
>>> HONEY: I want to… put some powder on my nose.
>>> GEORGE: Martha, won’t you show her where we keep the euphemism?
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/