Jeremiah Grossman jeremiah at whitehatsec.com
Tue Jul 25 13:00:48 EDT 2006

On Jul 25, 2006, at 9:07 AM, Thierry Zoller wrote:

> Dear Brian Eaton,
> BE> I thought the Citibank attack was MITM, no XSS involved.  Am I wrong
> BE> on that?  Was XSS used as well?

Nice catch Brian.

> AFAIK, XSS had no immediate impact on the MITM scenario, if XSS played
> a role _at all_. Sounds like a lot of BS.

Easy on the BS stuff, mistakes happen.

Since I was the main subject of the interview, I believe I misspoke
during the call. Indeed XSS (to my knowledge) played no part in the
Citibank story. I meant to say PayPal. I already contacted the writer
with the correction and reference.



