| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: cyn0n at myrealbox.com (cyn0n@...ealbox.com) Subject: pissed off greets- Is anyone else pissed off at stupid shit like this flying around lists that are supposed to be respectable? Arguing over this type of stuff and even reporting this is just the most stupid fucking thing I've ever seen. Why is there such an emergence of stupid 'professionals' that wish they knew a thing about security and try to prove it by posting to lists to gain fame for their worthless capitalistic tendencies in security? There have been arguments that there is some good to having people like this so that the public image is maintained but look at the news--the public still doesn't like people who are smarter than them concerning computers/networks/security. I'll be the first one to evangelize full-disclosure and open-source and all that good stuff but there is an inherent problem with people like this and we must find a way to remove them from our scene. I'd propose the first and easy way is to setup another new mailing list dedicated to not producing crap in our mailboxes that we have to define another rule for deletion of. Of course wasn't this full-disclosure's intentions in the first place? There exist private unknown lists that stay semi-true to these goals but they are all very small in circulation and don't garner enough of the support that is needed to build and grow our scene. Then of course you have irc/ircs but not all of us have enough time to fuck around and idle when more important stuff like research and coding (holy shit! hackers code?!!) and keeping a job exist. Anyone have any ideas on what to do with this? Now to ward off stupid people that type faster than they think: 1) Following the old security adage I'm labeling everyone that might think I'm talking about them a 'stupid shit' unless they can prove otherwise. Basically don't take offense that easily if you disagree with what I've said above regarding the material that is frequently on the list. 2) There are not too many worthwhile security companies/'groups' out there. Therefore I tend to generalize and stereotype the rest of you. If you are an exception to this my apologies. 3) If you are sending a flame or non-constructive comments at least have the decency to forward them to me privately instead of creating more spam. I'd of course prefer if you just calmed down and though for a second. pissed off, cyn0n On Wed, Apr 23, 2003 at 02:30:14PM -0400, badpack3t wrote: > Tamer, > > You may want to correct yourself. You discovered http://target/% on an > OLD (Xeneo 2.1.0.0 (PHP version) and 2.0.759.6 are vulnerable.) version. > I found a different bug in there latest version (which was 2.2.9.0. at the > time) by requesting a GET / with 4096 ?'s. Now how would this be the same > as you released? Care to explain? > > --------------------------- > -badpack3t > www.security-protocols.com > --------------------------- > > > Hi Folks, > > > > I contributed the vulnurability about Xeneo Webserver, mentioned below, > > to iDefense on 4th, November 2002. All rights on this vulnurability > > belongs to me and iDefense. > > > > Craps, > > http://lists.netsys.com/pipermail/full-disclosure/2003-April/009371.html > > http://lists.netsys.com/pipermail/full-disclosure/2003-April/009386.html > > > > My Advisories at iDefense, > > http://www.idefense.com/advisory/11.04.02b.txt > > > > Please, without searching well, do not publish these kind of advisories. > > > > Cheers, > > > > Tamer Sahin > > http://www.securityoffice.net > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists