lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 17 Feb 2011 14:18:33 -0500
From: Григорий Братислава <musntlive@...il.com>
To: "Zach C." <fxchip@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Vulnerability is in response

Hello full-disclosure!!

I is like to warn you about rhetoric and annoyance nuisance. Is once
upon a time MustLive has maybe is one exploit to is make me say "черт
возьми!" howisever MustLive is how you say? pička in Crotia.

Is I top post for annoy:

1) MustLive is lonely pička with is one to many copy of cracked
Accunetix is run in background to report to full disclosure (hi is
look at me, I find vuln no one is care about!!)

2) Is vuln he find are old news to many who choose is not to release
lame advisory (is especially those future advisory of his)

3) Is every so often I is want to kick him in teeth and say "is shut
up puto sucio"

Your guess is wrong. MustLive is point and click-kiddiot (&TM;) who is
never discovery real vulnerability and is not even know what is EAX
(is hint not to be confused with is LAX airport)

4) Is stop feeding troll

On Thu, Feb 17, 2011 at 1:29 PM, Zach C. <fxchip@...il.com> wrote:
> Well, just playing devil's advocate here, mind you, I think much of the
> irritation from MustLive's postings comes from the following three reasons:
>
> 1.) MustLive is primarily a web-application specialist (for the sake of
> argument)
> 2.) The vulnerabilities he finds are of a class of vulnerabilities that are
> most common in his field. (Consider: someone searching for vulnerabilities
> in internet services directly and doing the binary analysis will primarily
> be finding buffer or stack overflows, right? In web security, XSS and SQL
> injection (as well as others I'm undoubtedly forgetting -- I am *NOT*
> counting "not using a CAPTCHA" here, see next item) are the most common
> vulnerabilities, given the lack of binary code to overwrite)
> 3.) Every so often he posts a vulnerability of questionable risk in the form
> of "anti-automation" which is essentially a fancy way of saying "ha ha they
> don't use CAPTCHA." I don't consider that a vulnerability so much as an
> opening for annoyance; I suppose your mileage may vary.
>
> My guess is that there's a thought that web apps are far easier to crack at
> than binaries, so vulnerabilities are easier to find, therefore don't waste
> time finding something that's "useless." That may be, in some cases, but
> sometimes a vulnerability in the web app destroys the entire chain, so to
> speak.
>
> Thoughts?
>
> -Zach

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ