Microsoft Outlook Web Access Vulnerability

October 15, 2008; Martin Suess

The vulnerability affects the Outlook Web Access application for Microsoft Exchange 2003. A valid user can be redirected to a malicious website by clicking on a specially crafted URL, which can be sent to the user by email. If the user is logged in, he is redirected instantly; if he is not logged in yet, the login page is displayed and he is redirected after successful login. This vulnerability can be used to redirect the user to a phishing website that shows a (faked) login screen and captures the user's logon credentials as soon as he tries to log in on the faked site.
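
On the application side, this class of issue is closed by validating the post-login redirect target before it is used. The sketch below is an added example, not code from the advisory or from Microsoft; the host name, the default landing path and the function names are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for illustration; neither appears in the advisory.
TRUSTED_HOST = "mail.example.com"   # hypothetical OWA host name
DEFAULT_TARGET = "/exchange/"       # hypothetical post-login landing page


def is_safe_redirect(target, trusted_host=TRUSTED_HOST):
    """Return True only if target stays on the trusted host."""
    if not target or len(target) > 2048 or target != target.strip():
        return False
    # Browsers drop tabs/newlines and treat "\" like "/", so "/\host" would
    # leave the site; reject control characters and backslashes outright.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept rooted paths, refuse "//host/..." forms.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme != "https" or parts.username is not None or parts.password is not None:
        return False
    return parts.hostname == trusted_host and port in (None, 443)


def resolve_redirect(target, trusted_host=TRUSTED_HOST):
    """Target to send the user to after login; falls back to the default."""
    return target if is_safe_redirect(target, trusted_host) else DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    for sample in ["/exchange/inbox", "https://mail.example.com/exchange/",
                   "https://phish.example/login", "//phish.example/",
                   "https://mail.example.com@phish.example/"]:
        print(f"{sample!r:45} -> {resolve_redirect(sample)!r}")
```

The same check applies whether the user is already authenticated or is sent through the login page first, since both paths end in a redirect to the supplied target.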
