[security] Safari problem
gaz_sec at hushmail.com
gaz_sec at hushmail.com
Wed Apr 11 14:32:45 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi everyone
I would like to release the details of the exploit but I also don't
want to create problems for any users of OpenID services. I think
the exploit is important not because it is a browser vulnerability
that creates the hole but it is the concept that can produce other
holes.
I will not release the exploit publicly because of the amount of
sites I have found that contain this vulnerability but are also
affected across browsers. If anyone wishes to have the details of
the exploit then I will happily provide the sample code, if you can
prove to me that you actually have an OpenID service and you own
that service.
Unfortunately due to time restraints I have not finished my
research on this subject so you can expect me to make sure that you
are all on your toes when it comes to security in the near future.
Cheers
Gareth
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5
wpwEAQECAAYFAkYc8ScACgkQrR8fg3y/m1BeKAP+IuvTkdQJKU0YWruGfgHzHRLTmTtE
oTN52cn5u0GksEn6cLlHeR25Np5ia2VYj3Oak4h/JL1MutoBmlRsRygfRZ/mnHa7Kh3l
vKvGo17wmakkpUchSTGZAtbyHPbalQ6HKCOA4PD4bNV5QdG2rw2s6b+ibrpzhWbDgE6h
r6BfThs=
=PTXV
-----END PGP SIGNATURE-----
--
Click to become an artist and quit your boring job
http://tagline.hushmail.com/fc/CAaCXv1P277pdNYiQo49V4muCzzgNvjc/
More information about the security
mailing list