Date: Sat, 8 Oct 2011 06:30:04 +1100
From: xD 0x41 <secn3t@...il.com>
To: Peter Dawson <slash.pd@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: LinkedIn_User Account Delete using Click jacking

Hi,
Another security expert... sheesh... and they cannot do the simplest of tasks,
makes me wonder really how do they get anything at all coded, but then again
I doubt there is code... I bet they're all some persistent XSS etc... which
would req some fuzz tool... well, certainly see better people like kcope
who does not call himself any senior security, yet has made many remote
exploits, and he posts them in his <body> so, it should be I think put in
the email body, responsibly that is.
That would be good to have but since every company takes ITsec so
differently, I know MS and Google have great disclosure policies, but this
is supposed to be on their end, not ours... so I guess it's another good
question.
cheers
xd



On 8 October 2011 06:25, Peter Dawson <slash.pd@...il.com> wrote:

> if I get it right this dude is supposed to be "
>
>    - Senior Security Analyst at iViZ Techno Solutions Pvt. Ltd.<http://www.linkedin.com/company/iviz-techno-solutions-pvt.-ltd.?trk=ppro_cprof>
>
> Whatever happened to protocols for responsible disclosure?
>
> On Fri, Oct 7, 2011 at 3:05 PM, xD 0x41 <secn3t@...il.com> wrote:
>
>> Screw you dude, attaching executable doc files, and then pushing out a
>> few *0days*
>> I won't be looking at *any* thing attached as a doc, that's just common
>> sense. nowadays, and there is abs NO need on this list for it, it is FD, you're
>> meant to put it in the BODY of email, or at least maybe next time, change the
>> type to linux 0day and attach .S file... ??
>> screw u and ur advisories, fix them into proper order as in written as any
>> would be, and I'll read it, but never ask a dood to open the attachment!
>>
>>
>>
>>
>>   On 7 October 2011 22:48, asish agarwalla <asishagarwalla@...il.com> wrote:
>>
>>>  Hi,
>>>
>>> LinkedIn_User Account Delete using Click jacking.
>>>
>>> This vulnerability has been accepted by LinkedIn; they are in the process
>>> of patching it, but it is not yet patched.
>>>
>>> Please find the document describing the vulnerability.
>>>
>>> Regards
>>> Asish
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>>
>
>
>
