[28550] in bugtraq
New Web Vulnerability - Cross-Site Tracing
daemon@ATHENA.MIT.EDU (Pete Soderling)
Wed Jan 22 15:59:25 2003
Date: Wed, 22 Jan 2003 14:24:22 -0500 (EST)
From: Pete Soderling <pete@petesoder.com>
Reply-To: pete@petesoder.com
To: bugtraq@securityfocus.com
Message-ID: <Pine.LNX.4.44.0301221421210.4977-100000@blue.petesoder.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
I thought this news might interest the group ...
ExtremeTech (http://extremetech.com) just released an article on a new type of vulnerability recently reported to CERT, Cross-Site Tracing (XST).
"After months of extensive research, San Jose California-based WhiteHat Security has unmasked a flaw in one of the Web's cornerstone protocols which places all e-commerce sites, as well as scores of Internet users, in jeopardy.
This threat was discovered by application security research firm WhiteHat, and is detailed in David's story below. White Hat Security was started by a former CTO from Ungermann-Bass, and an Information Security officer at Yahoo!."
Read the entire post at: http://www.extremetech.com/article2/0,3973,841047,00.asp
--petesoder
