Comments on: Bypassing Safari 5 XSS Auditor

By: .mario

.mario — Thu, 05 Aug 2010 21:05:43 +0000

Old cat is old http://sla.ckers.org/forum/read.php?13,31377

By: ryan

ryan — Wed, 04 Aug 2010 22:14:09 +0000

@Police
Do not comment on issues you do not fully comprehend.

By: Andrew van der Stock

Andrew van der Stock — Wed, 09 Jun 2010 08:34:52 +0000

@Police. That’s Oracle circa “Unbreakable” through to when they got a clue and figured out security defects came free of charge care of Oracle developers, not security researchers.

Apple ignores or actively does not participate in OWASP or any other web application security group. There’s very little chance that they will get it right any time soon without peer review or expert assistance.

I will happily retract that, but with the insane secrecy culture @ Apple, I really doubt they will ever get their security act together.

By: cirrus

cirrus — Wed, 09 Jun 2010 06:15:09 +0000

@MacSmiley Should be ok now.

By: Police

Police — Wed, 09 Jun 2010 00:39:57 +0000

Why do you facilitate criminal mischief by giving hackers the keys to steal information and place malware on computers? You are a criminal

By: MacSmiley

MacSmiley — Tue, 08 Jun 2010 22:21:20 +0000

I’m seeing placeholders instead of screenshots.

By: Brentter

Brentter — Tue, 08 Jun 2010 16:20:06 +0000

You know you’d think with all the various backgrounds and well just full-on developers involved in these kind of big releases, at least one would have thought to have checked up on things like this…. maybe even just look through any of the hundreds of resources regarding this attack like, heck, the 5+ year old directory of old xss hacks? http://ha.ckers.org/xss.html

Are the ipad dev team co-working today with the safari teams?

nice find, as far as i’ve seen you’re at least the first to report it.