RE: Developerstore.com expose critical customer info

From: Mark Curphey (markat_private)
Date: Sun Jan 13 2002 - 17:55:22 PST


    Nothing sinister, this really was just a case of bad timing.
    
    Sleuth was just a proof of concept and the brain child of one person (Dave
    Zimmer). It was designed to be an interactive web browser that exposed some
    HTTP. As things got underway at OWASP, we have determined we need (and been
    asked by the community) to build a more automated open source web
    application security testing tool that is cross platform.  As such it is
    likely to be built in Java and will be able to test all issues identified in
    the OWASP ASAC project (http://www.owasp.org/projects/asac/), like
    canonicalization for instance. It will also support testing against the
    requirements project and will support the testing framework, projects both
    only just started. This is likely to be at least six months away.
    
    To try and morph Sleuth into such a package would be like trying to convert
    a 4x4 into a sports car, so we all decided it would be best to keep Sleuth
    doing what it was designed to do and start from scratch with the new project
    so that we have a clean robust foundation to build upon.
    
    Sleuth and the plugins are all back at Dave Zimmer's site
    (http://geocities.com/dzzie/sleuth).
    
    -----Original Message-----
    From: shawn merdinger [mailto:dingerat_private]
    Sent: Sunday, January 13, 2002 5:40 PM
    Cc: vuln-devat_private; webappsecat_private
    Subject: Re: Developerstore.com expose critical customer info
    
    
    Looks like it's still on the Russian mirror:
    
    <http://SecurityLab.ru/_Tools/websleuthInstaller-1.1.2.zip>
    
    -scm
    
    
    On Sat, 12 Jan 2002, Jeremiah Grossman wrote:
    
    > WebSleuth was removed from OWASP because of this incident?
    > Can someone "in the know" shed some light on this and explain
    > if there is any truth to this.... (how does one relate to the other?)
    >
    > I did confirm the URL where WebSleuth was available from:
    > http://www.owasp.org/resources/tools/index.shtml
    > does indeed have it taken down... citing:
    >
    > "This site is temporarily down for maintenance, please check back later"
    >
    >
    >
    > Jeremiah Grossman
    >
    >
    >
    > c c wrote:
    >
    > > It seems that the post caused some undesired effects
    > > (Websleuth removed from OWASP, etc.), I'm really sorry,
    > > it was not my intention.
    >
    



    This archive was generated by hypermail 2b30 : Sun Jan 13 2002 - 20:56:56 PST