ANNOUNCE: Nagios Looking Glass 1.0.0#PRE is here!

[Andy Shellam (Mailing Lists)]

Thanks Hugo,

I'm just about getting to grips with XSS attacks, and I'm pretty certain 
NLG is not vulnerable.

Andy.

Hugo van der Kooij wrote:
> On Thu, 28 Dec 2006, Andy Shellam (Mailing Lists) wrote:
>
>   
>> Thanks for your description below but I'm still struggling to come to
>> terms with how NLG can be used to attack another site.
>> Firstly, my understanding of an XSS attack is of the following:
>>
>> - Client requests a page (eg. www.yahoo.com)
>> - Hacker strips the response packets off the wire and replaces them with
>> packets that have come from (eg. www.google.co.uk)
>> - Client receives www.google.co.uk as a result of hacker's actions
>>     
>
> Well if you trust site A but not site B and site B can trick your browser 
> into thinking that the data comes from site A instead you are exposed to 
> site B.
>
> Site A is the unwilling accomplish in this scheme and that is one thing 
> you have to be carefull about.
>
> Hugo.
>
>   


-- 
Andy Shellam
NetServe Support Team

the Mail Network
"an alternative in a standardised world"

p: +44 (0) 121 288 0832/0839
m: +44 (0) 7818 000834


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null