[Owasp-delhi] [OWASP-Bangalore] Rediff Astrology

Suryavanshi, Rajesh rajesh_suryavanshi at uhc.com
Fri Jun 18 04:06:07 EDT 2010


What about the government sites.. there are many sites that are vulnerable
to SQL injection, XSS, Parameter Manipulation..

Do not want to specify any one of them.. but still there are no security
measures and controls in place..

Hope that once in a while the government realizes the importance of information
and will take preventive action to mitigate risk...
 
 
Regards,
 
RS
 
 


________________________________

From: owasp-delhi-bounces at lists.owasp.org
[mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Neelu Tripathy
Sent: Friday, June 18, 2010 12:26 PM
To: nileshkumar83 at gmail.com
Cc: owasp-delhi at lists.owasp.org; owasp-mumbai at lists.owasp.org;
owasp-bangalore at lists.owasp.org; owasp-delhi-bounces at lists.owasp.org
Subject: Re: [Owasp-delhi] [OWASP-Bangalore] Rediff Astrology



From one perspective this is illegal while from another 'service done
for FREE'. Though for the latter, there must be responsible disclosure
of vulnerabilities. 
 
Regards, 
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services



From: 	nileshkumar83 at gmail.com 
To: 	owasp-bangalore at lists.owasp.org 
Cc: 	owasp-delhi at lists.owasp.org, owasp-mumbai at lists.owasp.org 
Date: 	06/15/2010 06:43 PM 
Subject: 	Re: [Owasp-delhi] [OWASP-Bangalore]  Rediff Astrology 
Sent by: 	owasp-delhi-bounces at lists.owasp.org

________________________________




I think only ringing the door bell is not illegal, unless you do
something that can harm them financially. I have several times informed
them about various vulns but they took action after a very long time.

On Tue, Jun 15, 2010 at 5:32 PM, Vikram GR <grv.567 at gmail.com> wrote:
Is it legal to hack websites without any authorization from the owner?
If you hack sites like rediff/indiatimes, they might take legal action
against you, right? Even if you inform them about vulnerabilities, will this
kind of act be legal or illegal? Could you throw in your opinions?

Thanks and Regards,

VIKRAM.G.R
Information Security Consultant,
Paladion Networks. 
http://www.paladion.net/
http://www.linkedin.com/in/vikramgr
Ph: +91-916-486-3322


On 15 June 2010 09:34, <nileshkumar83 at gmail.com> wrote:
Rediff had several vulnerabilities at many pages. I had informed them
last year itself. They didn't care until some senior guy from Rediff
asked them to fix them. So it's an old trend in Rediff. Similar is the case
of Indiatimes.

-- 
Thanks & Regards,
Nilesh Kumar,
Engineer-Security| Honeywell Technology Solutions
www.nileshkumar83.blogspot.com
www.linkedin.com/in/nileshkumar83
Mobile- +91-9019076487


_______________________________________________
OWASP-Bangalore mailing list
OWASP-Bangalore at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-bangalore



_______________________________________________
Owasp-delhi mailing list
Owasp-delhi at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-delhi


