| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Dec 2007 15:23:15 -0500 From: Byron Sonne <blsonne@...ers.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: on xss and its technical merit > Its amazing the last 2 posters even have > to time to read FD. It's not without it's uses :) > With all the super important super secret > projects they must be working. LOL > believes XSS and XSRF as viable attack vectors > The other side thinks its rubbish. That's a disingenuous distortion. I happen to think they are both viable attack vectors AND rubbish. > the folks who are so bored <yawn> with XSS and > CSRF can post their remarkable works and amaze > us all. The second I can think of, or accomplish, something that's both more interesting than this xsscsrfbbqwtf slop and hasn't been done before, I will. It is not easy to come up with cool new stuff or "wicked ass shit". That's kinda my point, and why we see so much of this derivative crap. Now obviously there's a ton of folks around with way better resumes than me and a far better skill set, but don't go telling me to stand in awe of someone who found this kind of hole in some big name website. Wanting fame and respect for XSS on stuff like Goggle is like asking for respect 'cos you lifted Paris Hilton's wallet, or jimmied the door on the back of Microsoft's shipping warehouse. There is nothing gloriously technical about it, there is no elegance, only a clever trick. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists