lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <3eb70103.6de00fea@s-mail.com>
From: mordred at s-mail.com (Sir Mordred)
Subject: @(#)Mordred Security Notice - exporing the hacking websites

Hi,

>While this is amusing, I'm hoping you tell them befor eyou post these? 

Actually no. There are several reasons for this:
1) I failed to contact with some of them, so decided to share the
common behavior for all of them (i.e. dont tell)
2) This is a REAL world examples - that means you can see that the are
present, they should show the state of web app security (
you probably read enough pdf's on web app security, on sql injection ...
etc... )
If it has been fixed, who can tell that i am telling the truth about the
vulnerabilities?

Again, reading this notice and the notices 
which will be released in the near future, you may think -
damn, these guys gonna teaching me security? 
even teaching web application security? 
wait, what? they are releasing web app assesment tools and doing web app
assesment for the money? ... 
Hmm, they should run these elite tools of their websites!

>If you legally post
>this type of information knowing others will be abusing it you >might find
yourself in some legal
>trouble down the road.

Well, i know that. 
But what is better?
Let me freely to post such kind of information or see it on a 
full-disclosure from some unkown subscriber/haxor?
Or don't know that someone already using these vulnerabilities for
months and owning website?

Also i hope that the community will not use this information
for harm, only for fun maybe :-)...

Best regards,
// Sir Mordred




________________________________________________________________________
This letter has been delivered unencrypted. We'd like to remind you that
the full protection of e-mail correspondence is provided by S-mail
encryption mechanisms if only both, Sender and Recipient use S-mail.
Register at S-mail.com: http://www.s-mail.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ