| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Law11-OE16LF4BBPvJG0000a098@hotmail.com> From: se_cur_ity at hotmail.com (morning_wood) Subject: @(#)Mordred Security Notice - exporing the hacking websites Do not deny this man his freedom to speak his mind, especially about security flaws. The "errors" he pointed out are freely available to view, I have seen similar errors on many websites. Sir Mordred is meerly selecting from a plethora of servers that exhibit the same type of errors. Did we not just have a horrible war for FREEDOM? or did I dream of people being killed? my 2 bitz morning_wood http://exploit.wox.org ----- Original Message ----- From: "Sir Mordred" <mordred@...ail.com> To: <bugtraq@...security.net> Cc: <full-disclosure@...ts.netsys.com> Sent: Monday, May 05, 2003 5:25 PM Subject: Re: [Full-Disclosure] @(#)Mordred Security Notice - exporing the hacking websites > Hi, > > >While this is amusing, I'm hoping you tell them befor eyou post these? > > Actually no. There are several reasons for this: > 1) I failed to contact with some of them, so decided to share the > common behavior for all of them (i.e. dont tell) > 2) This is a REAL world examples - that means you can see that the are > present, they should show the state of web app security ( > you probably read enough pdf's on web app security, on sql injection ... > etc... ) > If it has been fixed, who can tell that i am telling the truth about the > vulnerabilities? > > Again, reading this notice and the notices > which will be released in the near future, you may think - > damn, these guys gonna teaching me security? > even teaching web application security? > wait, what? they are releasing web app assesment tools and doing web app > assesment for the money? ... > Hmm, they should run these elite tools of their websites! > > >If you legally post > >this type of information knowing others will be abusing it you >might find > yourself in some legal > >trouble down the road. > > Well, i know that. > But what is better? > Let me freely to post such kind of information or see it on a > full-disclosure from some unkown subscriber/haxor? > Or don't know that someone already using these vulnerabilities for > months and owning website? > > Also i hope that the community will not use this information > for harm, only for fun maybe :-)... > > Best regards, > // Sir Mordred > > > > > ________________________________________________________________________ > This letter has been delivered unencrypted. We'd like to remind you that > the full protection of e-mail correspondence is provided by S-mail > encryption mechanisms if only both, Sender and Recipient use S-mail. > Register at S-mail.com: http://www.s-mail.com > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists