Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: XSS=10000

From: Nate Lawson <nate () root org>
Date: Fri, 12 Jun 2009 14:32:09 -0700
Rauc wrote:

I have to admit this is in the top 10 "hacking contest" fails of all
time. 


I am not sure that this is really a fail. For only $10k, he managed to
get a penetration test that involved numbers of hackers. Sure the
product failed to stand up, (Due to a really stupid bug) but the bug was
found, and now it can be fixed.

We have seen that the world is willing to put up with claims of software
being secure, even when it is not. Oracle's 'Unbreakable', Windows NT
was 'Unstoppable', and a host of others.

Business executives will still choose a product such as this so called
Strongmail, if it is marketed well. Additionally, if this company can
show that it learns from it's mistakes, as Microsoft had for a time,
they will be even better off.


Nobody is going to buy this webmail thing. That's not the company's
goal. The webmail app is a trojan to show off their phone authentication
service, which is what they are really trying to sell.

-- 
Nate
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: