[prev in list] [next in list] [prev in thread] [next in thread]
List: webappsec
Subject: ERRATA (Re:
From: Amit Klein <aksecurity () gmail ! com>
Date: 2006-12-25 18:46:44
Message-ID: 45901C94.4080208 () gmail ! com
[Download RAW message or body]
Hi
In the writeup named "Host header cannot be trusted as an anti anti
DNS-pinning measure" (submitted September 7th, 2006) I erroneously
attributed one of the references to the wrong person. The correct text
should read:
[1] "DNS: Spoofing and Pinning", by "timeless", September 12th, 2003 (or
earlier)
http://viper.haque.net/~timeless/blog/11/
The original (wrong) text attributed this reference to Mohammad A.
Haque, who owns the viper.haque.net website, but (in my current
understanding) did not write the referenced text (my understanding now
is that http://viper.haque.net/~timeless/ actually belongs to
"timeless", a different individual).
This mistake also occurred in a response I wrote to a thread "Re: [WEB
SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications
using JavaScript" in the WebSecurity mailing list
(http://www.webappsec.org/lists/websecurity/archive/2006-07/msg00090.html).
I'm sorry for the confusion.
-Amit
-------------------------------------------------------------------------
Sponsored by: Watchfire
Today's hackers exploit web applications to expose, embarrass and even
steal. Firewalls and SSL may be commonplace but recent studies indicate 3
out of 4 websites remain vulnerable to attack. Watchfire's "Addressing
Challenges in Application Security" whitepaper, explains what to do and
provides a guideline to improving your own application security.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic