[Owasp-board] Fwd: Data

Andrew van der Stock vanderaj at owasp.org
Fri Nov 17 06:11:11 UTC 2006


Interesting. This is something we want to follow up? PHP Remote file  
includes is one of mine. ALLOW_URL_FOPEN MUST DIE

thanks,
Andrew

Begin forwarded message:

> From: "Rohit Dhamankar" <dhamankar at sans.org>
> Date: 17 November 2006 4:48:30 PM
> To: <mjc at redhat.com>, <adam.safier at fda.hhs.gov>,  
> <anthony.richardson at arts.monash.edu.au>, "'anton at netForensics.com'"  
> <anton at chuvakin.org>, <arouse at tandbergtv.com>,  
> <asarwate at qualys.com>, <buanzo at buanzo.com.ar>, <carowe at gtcc.edu>,  
> <Cesar.TasconAlvarez at es.ey.com>, <chissp50 at hotmail.com>,  
> <chris.riley.hx81 at statefarm.com>, <christopher.a.bream at us.pwc.com>,  
> <david.damato at us.pwc.com>, <dhamankar at sans.org>,  
> <Donald.Smith at qwest.com>, <ed at mentat.ws>, <eray at netsecdesign.com>,  
> <ge at webroot.com>, <jesper at amazon.com>, <jfl at csert.ca>,  
> <jgaie at yahoo.com>, <Jonathan_Rubin at dom.com>, <jpike at itsfac.com>,  
> <jtannahi at rogers.com>, <khong at knsp.org>, <koonyaw.tan at gmail.com>,  
> <kotkov7 at gmail.com>, <leopastor at sinectis.com>,  
> <m.shea at communicationvalley.it>, <marc at sachs.us>,  
> <marcos.ferreira at nxsecurity.com>, <michel.cusin at bell.ca>,  
> <miguel.guirao at mail.telcel.com>, <olivier at ousson.com>,  
> <pbueno at gmail.com>, <rd at rd1.net>, <Rhodri.Davies at vistorm.com>,  
> "'Rob King'" <rking at tippingpoint.com>, "'root at penchantforevil.org'"  
> <root at penchantforevil.com>, "'russ at holisticinfosec.org'"  
> <holisticinfosec at gmail.com>, <rwanner at pobox.com>,  
> <syedma at microland.net>, "'vanderaj at greebo.net'" <vanderaj at owasp.org>
> Subject: Data
>
> Hi all:
>
> Definitely upsetting to see folks like Richard Bejtlich posting on  
> the blogs stating that the Top-20 is based on opinions rather than  
> fact.
>
> I have, in the past, not gone ahead and shared this data with you  
> all as it was not sanitized to take out the customer ip addresses  
> etc. But, am doing so now (please don’t share still!), so that you  
> feel that what we put in is not fictitious and based on some real-data  
> backing. Of course, no one person on earth can have the data  
> from all networks! SANS has data from the Storm Center, Qualys has  
> data from its scanning and the input is taken before we make the list,
>
> Rohit
