Showing results for tags 'insecure'.

Found 2 results

  1. Insecure sites relegated to Firefox Stone Age

     Insecure websites will be barred from using new hardware features and could have existing tools revoked, if Mozilla goes ahead with a push towards HTTPS.

     Webmasters that don't turn on HTTPS could be excluded from the new features list under a Mozilla initiative designed to rid the net of careless clear text gaffes, sending a "message" to developers that their web properties need to be secured, regardless of content served.

     Precisely which features could be held back is subject to debate, Mozilla security chief Richard Barnes says.

     "For example, one definition of 'new' [features] could be 'features that cannot be polyfilled'," Barnes says in a post.

     "That would allow things like CSS and other rendering features to still be used by insecure websites, since the page can draw effects on its own but it would still restrict qualitatively new features, such as access to new hardware capabilities.

     "Removing features from the non-secure web will likely cause some sites to break so we will have to monitor the degree of breakage and balance it with the security benefit."

     Mozilla, whose Firefox is used by a quarter of net surfers, says [PDF] existing features may be revoked but not before developers receive prior notice.

     The group has not yet set a date for when the "feature ban" will come into effect, but will submit proposals to the W3C WebAppSec Working Group 'soon'. It may begin with a softer slap for insecure sites - for example, by limiting the abilities of features rather than an outright block.

     Barnes says some HTTP content will be okay thanks to security features like HSTS.

     "It should be noted that this plan still allows for usage of the HTTP URI scheme in legacy content. With HSTS and the upgrade-insecure-requests CSP attribute, the HTTP scheme can be automatically translated to HTTPS by the browser, and thus run securely."

     Source
  2. # Affected software: phplist
     # Type of vulnerability: insecure object reference
     # URL: phplist.com
     # Discovered by: Provensec
     # Website: http://www.provensec.com
     # Version: phpList ltd. - v3.0.10
     # Proof of concept
     Insecure object referenced on page deletion
     vuln param: delete
     example: http://demo.phplist.com/lists/admin/?page=send&delete=2&tk=035d99
     ref: https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_%28OTG-AUTHZ-004%29

     Source