Perfecto Technologies' Black Watch Labs Advisory Reveals Vulnerability in Common Email System

Press Releases
News and Features
Upcoming Events
Web Security News

Santa Clara, Calif. - March 3, 2000 - Perfecto Technologies, the leading developer of Web Application Security Management software, today released its latest Black Watch Labs advisory which reveals how a common email system, mail.com, is vulnerable to Web application-level hacking. The mail application employs a weak security scheme. It assigns session-IDs ("tokens") for logged-in users which allow reading of arbitrary users' messages and private information, if enough effort is invested.

Two underlying free web mail applications from mail.com have been identified, however, this vulnerability pertains to only one of them. Services that use the other application are not vulnerable as far as we know. The free web mail offered to users directly by mail.com is not vulnerable. Identifying the vulnerable application can be done by checking whether the suspected application is willing to serve clients that disallow cookies (only the vulnerable application does that), and that once the user logged-in, the URLs have the "iNAME=..." trailer. If such is the case, the attack method described above is applicable. The vendor has been notified of this vulnerability and there is no patch available at this time. For technical details of this problem, please visit https://www.perfectotech.com/blackwatchlabs/.

About Black Watch Labs (www.perfectotech.com/blackwatchlabs/)
Black Watch Labs is a research group operated by Perfecto Technologies Inc., the leader in Web Application Security Management. Black Watch Labs was established in order to further the knowledge of the Internet community in the arena of Web application security management. Black Watch Labs publishes security advisories regularly, which are maintained at https://www.perfectotech.com/blackwatchlabs/, and are also posted to relevant security lists and Web sites. Black Watch Labs also operates a Web application security mailing list, which can be subscribed to at https://www.perfectotech.com/blackwatchlabs/. For more info about Black Watch Labs and Web Application Security Management, please call (408) 855-9500 or email [email protected].

About Perfecto Technologies
Founded in 1997 and headquartered in Santa Clara, Calif., Perfecto Technologies pioneered the market for Web application security management software. AppShield, Perfecto's initial product offering, is the first to provide extreme security for customer-facing applications in dynamic eBusiness environments. Customers include companies in the e-commerce, financial services, and high-tech industries. Privately held, Perfecto is funded by blue-chip venture capital firms and industry leaders, including Goldman Sachs, Intel Corporation, Sequoia Capital, The Sprout Group and Walden Israel. More information about Perfecto Technologies may be obtained by visiting the Company's web site at www.perfectotech.com or by calling the Company directly at (408) 855-9500.

 #   #   #

For Immediate Release
Contact:

Chris Benham
Perfecto Technologies, Inc.
(408) 855-9500
[email protected]

Kevin Pedraja
Sterling Communications
(408) 441-4100
[email protected]

  1. https://www.gustudentassociation.org/
  2. https://kimmerestaurant.com/
  3. https://www.nyonyafood.com/
  4. https://www.perfectotech.com/
  5. https://www.planetgapyear.com/
  6. https://whatcomvet.com/
  7. https://theclassicyachtexperience.com/
  8. https://www.batonrougerosesociety.org/
  9. https://www.finburysullivan.com/
  10. https://mikrofinanzinstitut.com/
  11. https://www.the-vision-of-harmony.org/
  12. https://www.pantheonpress.com/
  13. https://thefinancialgraduate.com/
  14. https://www.thenutkitchen.com/
  15. https://altiboutique.com/
  16. https://ambushsweden.com/
  17. https://goingonforgod.com/
  18. https://lasdopestattorney.com/
  19. https://www.sewardne.com/
  20. https://www.tehranfestival.com/
  21. https://brysonchristianmontessorischool.com/
  22. https://www.excalibureurope.com/
  23. https://www.originallotsoflox.com/
  24. https://www.wavespace-berlin.com/
  25. https://www.michiganmediates.org/
  26. https://www.yourmyrtlebeachproperty.com/
  27. https://metrcconference.com/
  28. https://biotechscope.com/
  29. https://jzbrasil.com/
  30. https://saafootball.org/
  31. https://griefergames.info/
  32. https://ampalauragarcianoblejas.com/
  33. sbobet
  34. judi parlay
  35. togel kamboja
  36. Pengeluaran Cambodia
  37. judi bola
  38. Togel Kamboja
  39. keluaran Kamboja
  40. slot thailand
  41. togel kamboja
  42. keluaran kamboja
  43. togel Kamboja
  44. slot demo
  45. keluaran cambodia
  46. togel cambodia
  47. live draw macau
  48. slot thailand
  49. pengeluaran kamboja
  50. judi bola
  51. sbobet
  52. slot demo
  53. togel sdy
  54. demo slot
  55. keluaran kamboja
  56. judi sbobet
  57. slot qris
  58. slot qris 5000
  59. slot qris
  60. slot deposit 5000
  61. slot qris
  62. pintarbersamamedan.org
  63. slot qris gacor
  64. slot qris 5000
  65. generasitogel
  66. live draw kamboja
  67. slot deposit qris
  68. toto macau
  69. pengeluaran macau
  70. macau pools
  71. slot server thailand super gacor
  72. slot qris 5k
  73. toto hk
  74. toto sdy
  75. toto sgp