[WEB SECURITY] citibank XSS?

Jeremiah Grossman jeremiah at whitehatsec.com
Tue Jul 25 13:00:48 EDT 2006


On Jul 25, 2006, at 9:07 AM, Thierry Zoller wrote:

> Dear Brian Eaton,
>
>
> BE> I thought the citibank attack was MITM, no XSS involved.  Am I wrong
> BE> on that?  Was XSS used as well?


Nice catch Brian.


> AFAIK, XSS had no immediate impact on the MITM scenario, if XSS played
> a role _at all_. Sounds like a lot of BS.

Easy on the BS stuff, mistakes happen.

Since I was the main subject of the interview, I believe I misspoke
during the call. Indeed XSS (to my knowledge) played no part in the  
Citibank story. I meant to say PayPal. I already contacted the writer  
with the correction and reference.


Regards,

Jeremiah-




----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


