[Owasp-leaders] Subdomain issues (multiple subdomains redirect to different applications)

johanna curiel curiel johanna.curiel at owasp.org
Wed Feb 17 19:31:20 UTC 2016


*>>Of the list of 206 host names, 187 didn't resolve or 90.8% of those
hostnames are bad - aka aren't in DNS*.  OWASP Foundation can control the
DNS zone files but not what random people either want to link to on the
Internet or perhaps non-authoritatively resolve.  If people on the Internet
choose to create bad links or use non-authoritative DNS, that's their
problem and something the OWASP Foundation has zero control over.


Hi Matt,

Thank for taking the time to verify and confirm this information with us.
My excuses if I gave  the wrong impression, my reaction was based on the
previous list which really impressed me.

Cheers

Johanna

On Wed, Feb 17, 2016 at 2:04 PM, Matt Tesauro <matt.tesauro at owasp.org>
wrote:

> Johanna,
>
> Of the 119 resolving records (206 minus 187), my review shows 10 stale DNS
> records.  That's 8.4% stale records for the resolving hostnames Tom
> provided.  For the entire list of 206 hostnames, that's 4.8% stale DNS
> records.
>
> The following stale DNS records will be removed:
> es.owasp.org has address 50.57.64.91
> wiki.owasp.org has address 192.237.166.62
> wiki.owasp.org has IPv6 address 2001:4801:7821:77:cd2c:d9de:ff10:170e
> wiki.owasp.org mail is handled by 10 mxa.mailgun.org.
> wiki.owasp.org mail is handled by 10 mxb.mailgun.org.
> stage.owasp.org has address 50.56.28.235
> jobs.owasp.org is an alias for owasp.org.
> connect.owasp.org has address 50.56.28.235
> update-wiki.owasp.org has address 67.207.155.190
> update-wiki.owasp.org has IPv6 address
> 2001:4801:7823:76:cd2c:d9de:ff10:ba46
>
> Consider the DNS cleaned up shortly.  As luck would have it, there's
> currently a problem with Rack's Cloud DNS:
>   "On 17 February 2016 at 09:15 CST, engineers became aware of an issue
> affecting DNS updates. At this time customers may experience delays of up
> to 30 minutes for DNS changes."
> see https://status.rackspace.com/index/viewincidents?group=14
>
> This is breaking the API and web interfaces to Rack's Cloud DNS.  As soon
> as the Cloud DNS issue is resolved at Rack, I'll remove the 10 stale
> entries assuming the support ticket I put in doesn't get handled first.
>
> I'll now go find and close the ticket raised.
>
> non-TLDR version:
>
> $ calc 206 - 87
> 119
> $ calc 10/119
> ~0.08403361344537815126
> $ calc 10/206
> ~0.04854368932038834951
> $ grep -v "not found" resolving-tom-b-host-list
> lists.owasp.org has address 162.209.12.188
> lists.owasp.org mail is handled by 10 d15006a.ess.barracudanetworks.com.
> lists.owasp.org mail is handled by 20 d15006b.ess.barracudanetworks.com.
> owasp4.owasp.org has address 198.101.154.205
> ocms.owasp.org has address 198.101.154.205
> es.owasp.org has address 50.57.64.91
> phpsec.owasp.org has address 198.101.154.205
> wiki.owasp.org has address 192.237.166.62
> wiki.owasp.org has IPv6 address 2001:4801:7821:77:cd2c:d9de:ff10:170e
> wiki.owasp.org mail is handled by 10 mxa.mailgun.org.
> wiki.owasp.org mail is handled by 10 mxb.mailgun.org.
> stage.owasp.org has address 50.56.28.235
> sl.owasp.org is an alias for ghs.google.com.
> ghs.google.com is an alias for ghs.l.google.com.
> ghs.l.google.com has address 64.233.180.121
> ghs.l.google.com has IPv6 address 2607:f8b0:4003:c12::79
> my.owasp.org is an alias for myowasp.ning.com.
> myowasp.ning.com has address 208.82.16.68
> myowasp.ning.com mail is handled by 10 amx.ning.com.
> mail.owasp.org is an alias for ghs.google.com.
> ghs.google.com is an alias for ghs.l.google.com.
> ghs.l.google.com has address 64.233.168.121
> ghs.l.google.com has IPv6 address 2607:f8b0:4003:c0c::79
> jobs.owasp.org is an alias for owasp.org.
> owasp.org has address 104.130.192.89
> owasp.org has IPv6 address 2001:4801:7828:101:be76:4eff:fe10:2b6e
> owasp.org mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM.
> owasp.org mail is handled by 30 ASPMX2.GOOGLEMAIL.COM.
> owasp.org mail is handled by 30 ASPMX3.GOOGLEMAIL.COM.
> owasp.org mail is handled by 10 ASPMX.L.GOOGLE.COM.
> owasp.org mail is handled by 30 ASPMX5.GOOGLEMAIL.COM.
> owasp.org mail is handled by 20 ALT2.ASPMX.L.GOOGLE.COM.
> owasp.org mail is handled by 30 ASPMX4.GOOGLEMAIL.COM.
> groups.owasp.org is an alias for ghs.google.com.
> ghs.google.com is an alias for ghs.l.google.com.
> ghs.l.google.com has address 64.233.168.121
> ghs.l.google.com has IPv6 address 2607:f8b0:4003:c07::79
> docs.owasp.org is an alias for ghs.google.com.
> ghs.google.com is an alias for ghs.l.google.com.
> ghs.l.google.com has address 108.177.9.121
> ghs.l.google.com has IPv6 address 2607:f8b0:4003:c09::79
> contact.owasp.org has address 198.101.154.205
> connect.owasp.org has address 50.56.28.235
> calendar.owasp.org is an alias for ghs.google.com.
> ghs.google.com is an alias for ghs.l.google.com.
> ghs.l.google.com has address 108.177.9.121
> ghs.l.google.com has IPv6 address 2607:f8b0:4003:c13::79
> austin.owasp.org is an alias for owasp.org.
> owasp.org has address 104.130.192.89
> owasp.org has IPv6 address 2001:4801:7828:101:be76:4eff:fe10:2b6e
> owasp.org mail is handled by 10 ASPMX.L.GOOGLE.COM.
> owasp.org mail is handled by 30 ASPMX2.GOOGLEMAIL.COM.
> owasp.org mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM.
> owasp.org mail is handled by 30 ASPMX5.GOOGLEMAIL.COM.
> owasp.org mail is handled by 30 ASPMX3.GOOGLEMAIL.COM.
> owasp.org mail is handled by 20 ALT2.ASPMX.L.GOOGLE.COM.
> owasp.org mail is handled by 30 ASPMX4.GOOGLEMAIL.COM.
> www.owasp.org has address 104.130.192.89
> www.owasp.org has IPv6 address 2001:4801:7828:101:be76:4eff:fe10:2b6e
> www.owasp.org has address 104.130.192.89
> www.owasp.org has IPv6 address 2001:4801:7828:101:be76:4eff:fe10:2b6e
> origin-www.owasp.org has address 192.237.166.62
> update-wiki.owasp.org has address 67.207.155.190
> update-wiki.owasp.org has IPv6 address
> 2001:4801:7823:76:cd2c:d9de:ff10:ba46
> kerala.owasp.org is an alias for home-owaspkerala.rhcloud.com.
> home-owaspkerala.rhcloud.com is an alias for
> ex-std-node551.prod.rhcloud.com.
> ex-std-node551.prod.rhcloud.com is an alias for
> ec2-54-165-213-223.compute-1.amazonaws.com.
> ec2-54-165-213-223.compute-1.amazonaws.com has address 54.165.213.223
>
> --
> -- Matt Tesauro
> OWASP AppSec Pipeline Lead
> https://www.owasp.org/index.php/OWASP_AppSec_Pipeline
> OWASP WTE Project Lead
> *https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project
> <https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project>*
> http://AppSecLive.org <http://appseclive.org/> - Community and Download
> site
>
>
> On Tue, Feb 16, 2016 at 10:43 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Brraaaaw....
>> That also needs some serious clean up
>>
>> On Wed, Feb 17, 2016 at 12:38 AM, Tom Brennan - OWASP <tomb at owasp.org>
>> wrote:
>>
>>> Test these *cough*
>>>
>>> Note ongoing ticket on why we have some of these active..
>>>
>>> lists.owasp.org
>>> owasp4.owasp.org
>>> ocms.owasp.org
>>> ml1lists.owasp.org
>>> ads.owasp.org
>>> es.owasp.org
>>> phpsec.owasp.org
>>> alt2.aspmx.l.owasp.org
>>> aspmx3.owasp.org
>>> aspmx5.owasp.org
>>> aspmx.l.owasp.org
>>> alt1.aspmx.l.owasp.org
>>> aspmx2.owasp.org
>>> aspmx4.owasp.org
>>> dns1.owasp.org
>>> dns2.owasp.org
>>> wiki.owasp.org
>>> stage.owasp.org
>>> sl.owasp.org
>>> my.owasp.org
>>> mail.owasp.org
>>> jobs.owasp.org
>>> groups.owasp.org
>>> docs.owasp.org
>>> contact.owasp.org
>>> connect.owasp.org
>>> calendar.owasp.org
>>> austin.owasp.org
>>> mxb.owasp.org
>>> mxa.owasp.org
>>> d15006a.ess.owasp.org
>>> d15006b.ess.owasp.org
>>> gs.owasp.org
>>> mx.owasp.org
>>> ww.owasp.org
>>> old.owasp.org
>>> rna.owasp.org
>>> zig.owasp.org
>>> _caldavs._tcp.owasp.org
>>> _autodiscover._tcp.owasp.org
>>> _sipfederationtls._tcp.owasp.org
>>> ads2.owasp.org
>>> alex.owasp.org
>>> beta.owasp.org
>>> clan.owasp.org
>>> hwww.owasp.org
>>> lain.owasp.org
>>> liss.owasp.org
>>> vb.liss.owasp.org
>>> blog.liss.owasp.org
>>> chat.liss.owasp.org
>>> mybb.liss.owasp.org
>>> wiki.liss.owasp.org
>>> board.liss.owasp.org
>>> forum.liss.owasp.org
>>> piwik.liss.owasp.org
>>> boards.liss.owasp.org
>>> webstats.liss.owasp.org
>>> analytics.liss.owasp.org
>>> phpmyadmin.liss.owasp.org
>>> rear.owasp.org
>>> some.owasp.org
>>> soup.owasp.org
>>> www2.owasp.org
>>> vb.www2.owasp.org
>>> chat.www2.owasp.org
>>> mybb.www2.owasp.org
>>> wiki.www2.owasp.org
>>> board.www2.owasp.org
>>> piwik.www2.owasp.org
>>> stats.www2.owasp.org
>>> boards.www2.owasp.org
>>> dokuwiki.www2.owasp.org
>>> webstats.www2.owasp.org
>>> analytics.www2.owasp.org
>>> phpmyadmin.www2.owasp.org
>>> blogs.owasp.org
>>> vb.blogs.owasp.org
>>> blog.blogs.owasp.org
>>> chat.blogs.owasp.org
>>> mybb.blogs.owasp.org
>>> wiki.blogs.owasp.org
>>> board.blogs.owasp.org
>>> forum.blogs.owasp.org
>>> piwik.blogs.owasp.org
>>> stats.blogs.owasp.org
>>> forums.blogs.owasp.org
>>> dokuwiki.blogs.owasp.org
>>> webstats.blogs.owasp.org
>>> analytics.blogs.owasp.org
>>> phpmyadmin.blogs.owasp.org
>>> cache.owasp.org
>>> fable.owasp.org
>>> forum.owasp.org
>>> vb.forum.owasp.org
>>> blog.forum.owasp.org
>>> chat.forum.owasp.org
>>> mybb.forum.owasp.org
>>> wiki.forum.owasp.org
>>> board.forum.owasp.org
>>> forum.forum.owasp.org
>>> piwik.forum.owasp.org
>>> stats.forum.owasp.org
>>> boards.forum.owasp.org
>>> forums.forum.owasp.org
>>> dokuwiki.forum.owasp.org
>>> webstats.forum.owasp.org
>>> analytics.forum.owasp.org
>>> phpmyadmin.forum.owasp.org
>>> frill.owasp.org
>>> gourd.owasp.org
>>> graft.owasp.org
>>> hayes.owasp.org
>>> htwww.owasp.org
>>> lucky.owasp.org
>>> wendy.owasp.org
>>> behest.owasp.org
>>> drudge.owasp.org
>>> dugout.owasp.org
>>> httwww.owasp.org
>>> inhale.owasp.org
>>> medium.owasp.org
>>> method.owasp.org
>>> mockup.owasp.org
>>> www.owasp.orgwww.owasp.org
>>> second.owasp.org
>>> switch.owasp.org
>>> troupe.owasp.org
>>> www.owasp.org
>>> cameron.owasp.org
>>> clobber.owasp.org
>>> httpwww.owasp.org
>>> mailman.owasp.org
>>> w ww.owasp.org
>>> lessons.webgoat.owasp.org
>>> webmail.owasp.org
>>> wiki191.owasp.org
>>> vb.wiki191.owasp.org
>>> blog.wiki191.owasp.org
>>> chat.wiki191.owasp.org
>>> mybb.wiki191.owasp.org
>>> wiki.wiki191.owasp.org
>>> board.wiki191.owasp.org
>>> forum.wiki191.owasp.org
>>> piwik.wiki191.owasp.org
>>> stats.wiki191.owasp.org
>>> boards.wiki191.owasp.org
>>> forums.wiki191.owasp.org
>>> dokuwiki.wiki191.owasp.org
>>> webstats.wiki191.owasp.org
>>> analytics.wiki191.owasp.org
>>> phpmyadmin.wiki191.owasp.org
>>> willful.owasp.org
>>> woodhen.owasp.org
>>> ww w.owasp.org
>>> www.owasp.org
>>> defector.owasp.org
>>> flourish.owasp.org
>>> freakish.owasp.org
>>> httpswww.owasp.org
>>> intimate.owasp.org
>>> isopleth.owasp.org
>>> chromatin.owasp.org
>>> downgrade.owasp.org
>>> electoral.owasp.org
>>> handwrite.owasp.org
>>> influence.owasp.org
>>> infusible.owasp.org
>>> metabolic.owasp.org
>>> solipsism.owasp.org
>>> _adsp._domainkey.owasp.org
>>> _policy._domainkey.owasp.org
>>> autoconfig.owasp.org
>>> cunningham.owasp.org
>>> manservant.owasp.org
>>> origin-www.owasp.org
>>> picosecond.owasp.org
>>> redemption.owasp.org
>>> strawberry.owasp.org
>>> %3cbr%3ewww.owasp.org
>>> owasp%20www.owasp.org
>>> partnerpage.owasp.org
>>> update-wiki.owasp.org
>>> w%3cbr%3eww.owasp.org
>>> ww%3cbr%3ew.owasp.org
>>> www%3cbr%3e.owasp.org
>>> autodiscover.owasp.org
>>> edonkeycenter.owasp.org
>>> vb.edonkeycenter.owasp.org
>>> blog.edonkeycenter.owasp.org
>>> chat.edonkeycenter.owasp.org
>>> mybb.edonkeycenter.owasp.org
>>> wiki.edonkeycenter.owasp.org
>>> board.edonkeycenter.owasp.org
>>> forum.edonkeycenter.owasp.org
>>> piwik.edonkeycenter.owasp.org
>>> stats.edonkeycenter.owasp.org
>>> boards.edonkeycenter.owasp.org
>>> dokuwiki.edonkeycenter.owasp.org
>>> webstats.edonkeycenter.owasp.org
>>> analytics.edonkeycenter.owasp.org
>>> phpmyadmin.edonkeycenter.owasp.org
>>> ns1.owasp.org
>>> ns2.owasp.org
>>> pdns01.owasp.org
>>> pdns02.owasp.org
>>> kerala.owasp.org
>>>
>>> Anyone who wants to play with a new DNS tool I am working on hit me up
>>> off list.
>>>
>>> Tom Brennan
>>> Global Board of Directors
>>> NYC/NJ Metro Chapter Leader
>>> (d) 973-506-9304
>>>
>>> OWASP Foundation | www.owasp.org
>>>
>>> On Tue, Feb 16, 2016 at 11:32 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> Not, is about System admins that create many subdomains but each
>>>> subdomain should have a proper level of access, and Set-Cookie is not
>>>> properly setup for each subdomain so you can 'hop' from one subdomain to
>>>> another rising the same cookie ;-)
>>>>
>>>> I tested the Cybertool, quite nice for analysing domains. In my case
>>>> the sysadmin/web dev has been smart enough to set a proper robots file that
>>>> does not allow spidering , so I don't get a list of the existing subdomains
>>>> as the graphics you  sent. However I found something concerning regarding
>>>> one of servers which seems to be in a black list....
>>>>
>>>> thanks for the tip, I'll tested further these days to find out more how
>>>> it works
>>>>
>>>> Cheers
>>>>
>>>> On Wed, Feb 17, 2016 at 12:23 AM, Tom Brennan - OWASP <tomb at owasp.org>
>>>> wrote:
>>>>
>>>>> Are you referring to what is happening with the OWASP subdomains.
>>>>>
>>>>> Tom Brennan
>>>>> Global Board of Directors
>>>>> (d) 973-506-9304
>>>>>
>>>>> OWASP Foundation | www.owasp.org
>>>>>
>>>>> On Tue, Feb 16, 2016 at 4:03 AM, Ali Razmjoo <ali.razmjoo at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Hello Johanna,
>>>>>>
>>>>>> I don't have much information, but like @Munir said, it could be use
>>>>>> for insecure redirect and it's usable to phishing attacks,
>>>>>> Seconds, it's you can access the original website, and sometimes it
>>>>>> could be help us to bypassing firewall or wafs by that. [it could be useful
>>>>>> if you feel server has a firewall which is blocking your request for
>>>>>> testing a bug]
>>>>>> 3rd, you may access to see restricted area, or internal servers/hosts
>>>>>> by changing  your request, it's not easy to guess internal hosts or ip
>>>>>> addresses, I don't see any software or scanner to do it for you. but it's
>>>>>> not that hard if you have a live target and make a [python] script for
>>>>>> this. you may test also some ports on target, you can bypass to access them
>>>>>> [through http] to see there too.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Feb 16, 2016 at 10:56 AM, Munir Njiru <munir.njiru at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Johanna,
>>>>>>> Seeing again no revalidation is done , an attacker in my view would
>>>>>>> also look for insecure direct object references hence accessing assets they
>>>>>>> shouldn't .
>>>>>>>
>>>>>>> Munir Njenga,
>>>>>>> OWASP Chapter Leader (Kenya) || Information Security Consultant ||
>>>>>>> Developer
>>>>>>> Mob   (KE) +254 (0) 734960670
>>>>>>>
>>>>>>> =============================
>>>>>>> Chapter Page: www.owasp.org/index.php/Kenya
>>>>>>> Project Site:
>>>>>>> http://alienwithin.github.io/OWASP-mth3l3m3nt-framework/
>>>>>>> Email: munir.njiru at owasp.org
>>>>>>> Facebook: https://www.facebook.com/OWASP.Kenya
>>>>>>> Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Feb 16, 2016 at 7:42 AM, johanna curiel curiel <
>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>
>>>>>>>> Forgot to mention, other vulnerabilities than session fixation
>>>>>>>>
>>>>>>>> The situation is the following:
>>>>>>>>
>>>>>>>>
>>>>>>>>    - A system admin has configured multiple subdomains under 1
>>>>>>>>    server
>>>>>>>>    - A reverse proxy redirects to subdomains
>>>>>>>>    - However, session ids are not properly validated as userA can
>>>>>>>>    request on subdomain_A a and use the same session id if he browses to
>>>>>>>>    subdomainB (the server/applicatiopn does not revalidate a new session again)
>>>>>>>>    - After temp[eraing with header requests such as Referer and
>>>>>>>>    Host, I'm able to show inn the URL I'm in subdomainB however I'm userA.
>>>>>>>>    Funny enough the application shown is from SudomainA buit the URL is
>>>>>>>>    showing subdomainB
>>>>>>>>
>>>>>>>> Questions
>>>>>>>>
>>>>>>>>
>>>>>>>>    - What are the possible attack vectors to bypass the
>>>>>>>>    authentication (lets say impersonate and login into subdomainB application) other
>>>>>>>>    than session fixation
>>>>>>>>
>>>>>>>>
>>>>>>>>    - Are any other kind of risks associated with this
>>>>>>>>    vulnerability?
>>>>>>>>
>>>>>>>>
>>>>>>>>    - When I tested this using burp, I got a message 'Cookie scoped
>>>>>>>>    to parent domain'(which off course allowed me to trick the server with the
>>>>>>>>    Referer/host request tampering
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Feb 15, 2016 at 10:07 PM, johanna curiel curiel <
>>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>>
>>>>>>>>> Hi leaders
>>>>>>>>>
>>>>>>>>> I have a question I was looking for some info to understand
>>>>>>>>> surface attack but could not find a specific case or documentation
>>>>>>>>> regarding this
>>>>>>>>>
>>>>>>>>> The situation is the following:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>    - A system admin has configured multiple subdomains under 1
>>>>>>>>>    server
>>>>>>>>>    - A reverse proxy redirects to subdomains
>>>>>>>>>    - However, session ids are not properly validated as userA can
>>>>>>>>>    request on subdomain_A a and use the same session id if he browses to
>>>>>>>>>    subdomainB (the server/applicatiopn does not revalidate a new session again)
>>>>>>>>>    - After temp[eraing with header requests such as Referer and
>>>>>>>>>    Host, I'm able to show inn the URL I'm in subdomainB however I'm userA.
>>>>>>>>>    Funny enough the application shown is from SudomainA buit the URL is
>>>>>>>>>    showing subdomainB
>>>>>>>>>
>>>>>>>>> Questions
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>    - What are the possible attack vectors to bypass the
>>>>>>>>>    authentication (lets say impersonate and login into subdomainB application)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>    - Are any other kind of risks associated with this
>>>>>>>>>    vulnerability?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>    - When I tested this using burp, I got a message 'Cookie
>>>>>>>>>    scoped to parent domain'(which off course allowed me to trick the server
>>>>>>>>>    with the Referer/host request tampering)
>>>>>>>>>
>>>>>>>>> Cheers
>>>>>>>>>
>>>>>>>>> Johanna
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>>
>>>>>
>>>>> The information contained in this message and any attachments may be
>>>>> privileged, confidential, proprietary or otherwise protected from
>>>>> disclosure. If you, the reader of this message, are not the intended
>>>>> recipient, you are hereby notified that any dissemination, distribution,
>>>>> copying or use of this message and any attachment is strictly prohibited.
>>>>> If you have received this message in error, please notify the sender
>>>>> immediately by replying to the message, permanently delete it from your
>>>>> computer and destroy any printout.
>>>>>
>>>>
>>>>
>>>
>>> The information contained in this message and any attachments may be
>>> privileged, confidential, proprietary or otherwise protected from
>>> disclosure. If you, the reader of this message, are not the intended
>>> recipient, you are hereby notified that any dissemination, distribution,
>>> copying or use of this message and any attachment is strictly prohibited.
>>> If you have received this message in error, please notify the sender
>>> immediately by replying to the message, permanently delete it from your
>>> computer and destroy any printout.
>>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160217/5af860ce/attachment-0001.html>


More information about the OWASP-Leaders mailing list