Date: Tue, 04 Feb 2014 15:33:35 -0800
From: Mark Litchfield <mark@...uratary.com>
To: security curmudgeon <jericho@...rition.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [SPAM] Re: Ektron CMS TakeOver Part (2) -
 PaylPal-Forward.com demonstration

On 2/4/2014 3:13 PM, security curmudgeon wrote:
> : > This is not the behavior of the site as of 48 hours ago.
>
> : Let me check.  Normal registration should also be available? In fact I
> : will remove the registration.
> :
> : The purpose of this whole registration in the first place was to allow
> : for future postings I am going to make later this week that would only
> : be available to registered users.  Not necessarily vulnerabilities, but
> : useful "stuff" for pentesting.  Also all registered users would be given
> : a 48 hours head start on any new vulnerabilities that I post in the
> : future.
>
> Which is great, but I strongly recommend you allow a site-specific
> registration for such purposes. Giving up one of the two dominant social
> media accounts for it is excessive.
Whilst you may be correct, Securatary is working toward the reason why 
it exists in the first place - Crowd Sourcing - 
http://www.securatary.com/PPPs/Pentester-Info.  With this in mind, 
making user registration an easy and no hassle process was the reason to 
include these social log in features as an OPTION.  Since March last 
year I have been trying to get investment to get it up and running but 
no such luck as of yet.

Anyway, that is the reason for these log in options.  Using these is at 
the user's discretion so I see no need to pull them down and to be 
honest, it's my website, I would not dream of telling you (strongly 
recommend) what to do with yours.

Thanks

Mark

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
