Normal Web Surfers In Extreme Danger
From: Liu Die Yu (liudieyuinchina@yahoo.com.cn)
Date: 08/20/02
Date: 20 Aug 2002 14:22:40 -0000
From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
To: vuln-dev@securityfocus.com
Your privacy (your SSN, CC#, Phone #, Address, etc.) is in extreme danger. This is not because of the flaws in web browsers or web servers but in digitalid.versign.com, truste.org, bbb.org, bbbonline.org, webtrust.org & thawte.org (very amazing, isn't it?).
Unfortunately the flaw in all these sites (named Cross-Site Scripting) was discovered and reported officially about a decade ago and must have been exploited for a long time.
A demonstration is available at:
http://www16.brinkster.com/liudieyu/CSS6/CSS6-MyPage.htm
at present and always available at clik.to/liudieyu; I AM NOT RESPONSIBLE FOR ANY ACTION YOU DO AFTER YOU KNOW HOW TO EXPLOIT THE FLAW, SO IF YOU KILL ALL YOUR NEIGHBORS AFTER YOU READ IT, you ARE THE BAD GUY!
Don't waste time reporting bugs to these sites since I've already done it. There is a solution at present: when you want to check if a site is verified, open a NEW web browser window and search for the company name instead of clicking the "Click to Verify" logo.
If you want a copy of the demonstration, you can contact me and you will get the demo in 24 hours via email.
Okay, I helped you.
My handle is Liu Die Yu. I can be reached at liudieyuinchina@yahoo.com.cn
Glad to be your friend. You may send something (a postcard is pretty good) to encourage me.
This page cost me a lot -- the network in China is slow and expensive.
-------Postal Address-----
Street Address: Xiang Tan Da Xue #B102
ZIP:411105
Country:CHINA
Have I mentioned the first bug in the web that I discovered? That was a big logo "COLLEAGE" (spelling error, "COLLEGE" is right :)
-----Content-End