On Fri, Dec 16, 2011 at 21:42, Eric Hellman <[log in to unmask]> wrote:
>
> You'll be happy to know that as bad as things are, they've improved considerably! I showed several ILS vendors how I could insert arbitrary javascripts into their products. Some of them fixed their products in the next update cycle, some took a couple of years. One particularly nasty vulnerability I am unable to talk about, it was so nasty and close to home. But the general problem persists. Perhaps an outing process would be useful.
>
Leaks4Lib? +1
-Mike
|