Perfecto Technologies' Black Watch Labs Advisory Reveals Vulnerability in Common Email System

Press Releases
News and Features
Upcoming Events
Web Security News

Santa Clara, Calif. - March 3, 2000 - Perfecto Technologies, the leading developer of Web Application Security Management software, today released its latest Black Watch Labs advisory which reveals how a common email system, mail.com, is vulnerable to Web application-level hacking. The mail application employs a weak security scheme. It assigns session-IDs ("tokens") for logged-in users which allow reading of arbitrary users' messages and private information, if enough effort is invested.

Two underlying free web mail applications from mail.com have been identified, however, this vulnerability pertains to only one of them. Services that use the other application are not vulnerable as far as we know. The free web mail offered to users directly by mail.com is not vulnerable. Identifying the vulnerable application can be done by checking whether the suspected application is willing to serve clients that disallow cookies (only the vulnerable application does that), and that once the user logged-in, the URLs have the "iNAME=..." trailer. If such is the case, the attack method described above is applicable. The vendor has been notified of this vulnerability and there is no patch available at this time. For technical details of this problem, please visit https://www.perfectotech.com/blackwatchlabs/.

About Black Watch Labs (www.perfectotech.com/blackwatchlabs/)
Black Watch Labs is a research group operated by Perfecto Technologies Inc., the leader in Web Application Security Management. Black Watch Labs was established in order to further the knowledge of the Internet community in the arena of Web application security management. Black Watch Labs publishes security advisories regularly, which are maintained at https://www.perfectotech.com/blackwatchlabs/, and are also posted to relevant security lists and Web sites. Black Watch Labs also operates a Web application security mailing list, which can be subscribed to at https://www.perfectotech.com/blackwatchlabs/. For more info about Black Watch Labs and Web Application Security Management, please call (408) 855-9500 or email [email protected].

About Perfecto Technologies
Founded in 1997 and headquartered in Santa Clara, Calif., Perfecto Technologies pioneered the market for Web application security management software. AppShield, Perfecto's initial product offering, is the first to provide extreme security for customer-facing applications in dynamic eBusiness environments. Customers include companies in the e-commerce, financial services, and high-tech industries. Privately held, Perfecto is funded by blue-chip venture capital firms and industry leaders, including Goldman Sachs, Intel Corporation, Sequoia Capital, The Sprout Group and Walden Israel. More information about Perfecto Technologies may be obtained by visiting the Company's web site at www.perfectotech.com or by calling the Company directly at (408) 855-9500.

 #   #   #

For Immediate Release
Contact:

Chris Benham
Perfecto Technologies, Inc.
(408) 855-9500
[email protected]

Kevin Pedraja
Sterling Communications
(408) 441-4100
[email protected]

  1. https://www.gustudentassociation.org/
  2. https://kimmerestaurant.com/
  3. https://www.nyonyafood.com/
  4. https://www.perfectotech.com/
  5. https://www.planetgapyear.com/
  6. https://whatcomvet.com/
  7. https://theclassicyachtexperience.com/
  8. https://www.batonrougerosesociety.org/
  9. https://www.finburysullivan.com/
  10. https://mikrofinanzinstitut.com/
  11. https://oakgroveplantationsc.com/
  12. https://www.the-vision-of-harmony.org/
  13. https://www.pantheonpress.com/
  14. https://thefinancialgraduate.com/
  15. https://www.thenutkitchen.com/
  16. https://altiboutique.com/
  17. https://ambushsweden.com/
  18. https://goingonforgod.com/
  19. https://lasdopestattorney.com/
  20. https://www.sewardne.com/
  21. https://www.tehranfestival.com/
  22. https://www.bistrotmarin.com/
  23. https://brysonchristianmontessorischool.com/
  24. https://www.excalibureurope.com/
  25. https://www.tropicaltopless.com/
  26. https://www.originallotsoflox.com/
  27. https://www.wavespace-berlin.com/
  28. https://www.nicolasboutruche.com/
  29. https://www.michiganmediates.org/
  30. https://www.victoria-abbott.com/
  31. https://www.yourmyrtlebeachproperty.com/
  32. https://metrcconference.com/
  33. https://biotechscope.com/
  34. https://jzbrasil.com/
  35. https://kingswoodacquisition.com/
  36. https://www.mobilegourmetkitchen.com/
  37. https://saafootball.org/
  38. https://griefergames.info/
  39. https://ampalauragarcianoblejas.com/
  40. sbobet
  41. judi parlay
  42. togel kamboja
  43. Pengeluaran Cambodia
  44. judi bola
  45. demo slot
  46. Togel Kamboja
  47. keluaran Kamboja
  48. slot thailand
  49. togel kamboja
  50. keluaran kamboja
  51. togel Kamboja
  52. slot demo
  53. keluaran cambodia
  54. togel cambodia
  55. demo mahjong
  56. live draw macau
  57. slot thailand
  58. pengeluaran kamboja