<div dir="ltr">Yes, in theory. There are scenarios where you can do all those things. None of those are what the authors meant, to put it kindly.<div><br></div><div>-dave</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Oct 11, 2016 at 11:45 AM Eric Schultz <<a href="mailto:fire0088@gmail.com">fire0088@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr" class="gmail_msg">"You cannot deface websites with cross-site-scripting"</p>
<p dir="ltr" class="gmail_msg">You can with stored cross site scripting.</p>
<p dir="ltr" class="gmail_msg">You if the app is also vulnerable to cross site request forgery.</p>
<p dir="ltr" class="gmail_msg">You can if you steal a privileged session and you have network access.<br class="gmail_msg"></p>
<p dir="ltr" class="gmail_msg">-Eric</p>
<div class="gmail_extra gmail_msg"><br class="gmail_msg"><div class="gmail_quote gmail_msg"></div></div><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg">On Oct 10, 2016 11:24 AM, "Dave Aitel" <<a href="mailto:dave.aitel@gmail.com" class="gmail_msg" target="_blank">dave.aitel@gmail.com</a>> wrote:<br type="attribution" class="gmail_msg"></div></div><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg">2 Book Reviews in this post.<div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">1. <a href="https://www.amazon.com/Lab-Girl-Hope-Jahren-ebook/dp/B00Z3FYQS4/ref=tmm_kin_swatch_0?_encoding=UTF8&qid=1476112205&sr=8-1" class="gmail_msg" target="_blank">Lab Girl</a> : Probably the best book I've read all year. Immediately go and purchase and read this. Speaks well to the hacker spirit, but is written like poetry. </div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">2. <a href="http://cybersecpolitics.blogspot.com/2016/10/book-review-cyber-war-vs-cyber-realities.html" class="gmail_msg" target="_blank">http://cybersecpolitics.blogspot.com/2016/10/book-review-cyber-war-vs-cyber-realities.html</a> - Read my review please, but don't buy the book. :) I masochistically read these books because if you don't publicly review them, they filter into things people "know" about cyber war strategy, and make for very painful policy meetings and Wassenaar like things. People who write these sort of books need to write them knowing someone is going to read them with a critical eye.</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">-dave</div><div class="gmail_msg"><br class="gmail_msg"></div></div>
<br class="gmail_msg"></blockquote></div></div><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">_______________________________________________<br class="gmail_msg">
Dailydave mailing list<br class="gmail_msg">
<a href="mailto:Dailydave@lists.immunityinc.com" class="gmail_msg" target="_blank">Dailydave@lists.immunityinc.com</a><br class="gmail_msg">
<a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" rel="noreferrer" class="gmail_msg" target="_blank">https://lists.immunityinc.com/mailman/listinfo/dailydave</a><br class="gmail_msg">
<br class="gmail_msg"></blockquote></div></div>
</blockquote></div>