Open Source and information security mailing list archives
From: mattmurphy at kc.rr.com (mattmurphy@...rr.com)
Subject: morning_wood should stop posting xss vulns insites and fix his own site.

> my site is my site, why are you telling me to "fix" it? I knew it's 404
> has xss before any of you did.
> What's the big deal what my site has or hasn't... hmm? If you don't like my
> stuff, don't read it,
> my name is on every one of my posts.. ever hear of filter? I don't read
> several advisories here based on title alone.. am i missing out? mby, mby
> not.. are you? XSS is a security issue plain and simple, and "my site"
> can have or have not whatever i please, i suggest not visiting then, hell
> .. why are you even bothering to visit if you don't like..

Donnie, the point is that if you complain, don't make the same mistake. 
You're a hypocrite to call XSS a security issue, and then (knowingly) make
the same error.  It's not that hard to write a simple fix to filter your
input.  Basic JavaScript, Donnie, basic JavaScript.  If XSS is a security
issue, and the entire thesis of your so-called security list is that
security issues should be dealt with, instead of hidden -- as has been your
complaint before -- then you should leave that list now.  Knowingly
introducing vulnerabilities, and then not fixing them when several people
(myself included) have noted it to you.
