[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration
- From: "Randal T. Rioux" <randy@xxxxxxxxxxxxxxx>
- Date: Wed, 05 Feb 2014 15:13:31 -0500
On 2/4/2014 6:36 PM, Mark Litchfield wrote:
> On 2/4/2014 3:13 PM, security curmudgeon wrote:
>> : > This is not the behavior of the site as of 48 hours ago.
>>
>> : Let me check. Normal registration should also be available ? Infact I
>> : will remove the registration.
>> :
>> : The purpose of this whole registration in the first place was to allow
>> : for future postings I am going to make later this week that would only
>> : be available to registered users. Not necessarily vulnerabilities, but
>> : useful "stuff" for pentesting. Also all registered users would be
>> given
>> : a 48 hours head start on any new vulnerabilities that I post in the
>> : future.
>>
>> Which is great, but I strongly recommend you allow a site-specific
>> registration for such purposes. Giving up one of the two dominant social
>> media accounts for it is excessive.
> I should add, I am all for constructive criticism. But a public forum
> is not really the place. Feel free to email me directly.
Yes, it is. This is a security forum. Your authentication mechanism is a
major security issue.
The damn thing should get its own CVE.
Think about it and you'll see the point.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/