lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 25 Oct 2004 23:43:39 -0400
From: Harry Hoffman <hhoffman@...solutions.net>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Posting w/o checking facts


Hi,

Ok, I didn't think this needed to be said but why the hell are ppl 
posting exploits without doing any actual testing?

WTF is up with that. Umm, ok I can say that XYZ is a problem cause it 
"looks like it may be one".

NO, YOU CAN'T!!!! Or rather you can but then when everyone says your 
name while trying to hold back a snicker don't seem surprised.

If you think something is a problem then test it! If you can't test it 
than say so *clearly* in your post.

Making wild claims that a users' session can be hijacked or that you can 
force your way into the xyz system without testing makes you sound 
stupid (usually with good reason).

There have been at least three posts within the past couple of weeks 
that make claims that are questionable at best and certainly don't come 
with proof (or even anything that might closely resemble anything near 
proof).

My $0.02 cents (and I'm sure others will share one way or another) ;-)

--Harry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ