Message-ID: <20030425043622.GA29273@fserv.pikapphi.umr.edu>
From: cyn0n at myrealbox.com (cyn0n@...ealbox.com)
Subject: pissed off
greets-
Is anyone else pissed off at stupid shit like this flying around lists
that are supposed to be respectable? Arguing over this type of stuff and
even reporting this is just the most stupid fucking thing I've ever
seen. Why is there such an emergence of stupid 'professionals' that wish
they knew a thing about security and try to prove it by posting to lists
to gain fame for their worthless capitalistic tendencies in security?
There have been arguments that there is some good to having people like
this so that the public image is maintained but look at the news--the
public still doesn't like people who are smarter than them concerning
computers/networks/security.
I'll be the first one to evangelize full-disclosure and open-source
and all that good stuff but there is an inherent problem with people
like this and we must find a way to remove them from our scene. I'd
propose the first and easy way is to set up another new mailing list
dedicated to not producing crap in our mailboxes that we have to define
another rule for deletion of. Of course wasn't this full-disclosure's
intentions in the first place? There exist private unknown lists that
stay semi-true to these goals but they are all very small in circulation
and don't garner enough of the support that is needed to build and
grow our scene. Then of course you have irc/ircs but not all of us have
enough time to fuck around and idle when more important stuff like
research and coding (holy shit! hackers code?!!) and keeping a job
exist. Anyone have any ideas on what to do with this?
Now to ward off stupid people that type faster than they think:
1) Following the old security adage I'm labeling everyone that might
think I'm talking about them a 'stupid shit' unless they can prove
otherwise. Basically don't take offense that easily if you disagree with
what I've said above regarding the material that is frequently on the
list.
2) There are not too many worthwhile security companies/'groups' out there.
Therefore I tend to generalize and stereotype the rest of you. If you
are an exception to this my apologies.
3) If you are sending a flame or non-constructive comments at least have
the decency to forward them to me privately instead of creating more
spam. I'd of course prefer if you just calmed down and thought for a
second.
pissed off,
cyn0n
On Wed, Apr 23, 2003 at 02:30:14PM -0400, badpack3t wrote:
> Tamer,
>
> You may want to correct yourself. You discovered http://target/% on an
> OLD (Xeneo 2.1.0.0 (PHP version) and 2.0.759.6 are vulnerable.) version.
> I found a different bug in their latest version (which was 2.2.9.0. at the
> time) by requesting a GET / with 4096 ?'s. Now how would this be the same
> as you released? Care to explain?
>
> ---------------------------
> -badpack3t
> www.security-protocols.com
> ---------------------------
>
> > Hi Folks,
> >
> > I contributed the vulnerability about Xeneo Webserver, mentioned below,
> > to iDefense on 4th, November 2002. All rights on this vulnerability
> > belongs to me and iDefense.
> >
> > Craps,
> > http://lists.netsys.com/pipermail/full-disclosure/2003-April/009371.html
> > http://lists.netsys.com/pipermail/full-disclosure/2003-April/009386.html
> >
> > My Advisories at iDefense,
> > http://www.idefense.com/advisory/11.04.02b.txt
> >
> > Please, without searching well, do not publish these kind of advisories.
> >
> > Cheers,
> >
> > Tamer Sahin
> > http://www.securityoffice.net
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>