Open Source and information security mailing list archives
 
Message-ID: <3ebfb02f.6c177757@s-mail.com>
From: mordred at s-mail.com (Sir Mordred)
Subject: What is better anyway?

Hi,

Well, three security notices have been released,
which exposed holes in several hacking websites and several security
companies' sites.
Everyone who read them can actually see what the real state of web app
security is...
Everyone who read them can see that the vulnerabilities are truly dumb and
freely available for everyone,
for everyone who ever bothers to change the URL a bit, or to change the URL
parameters...
Who guesses nothing more than /admin/, /test/, and test.php...
Who is kewl enough to add single quotes/commas...
Who doesn't even wanna bother about hiding himself...

Interested in what results I've got from this?

1) The content of http://mslabs.iwebland.com has been deleted, to hell with
that :-),
what do you expect from free hosting? So I decided to leave the idea of a
website until the time
I can afford a dedicated machine...

2) Some people began investigating "hack attacks",
which have been no more than just simple and basic security testing...

3) for some of the people the notices have been old news

And again, this question arises...
What is better?
To see your website exposed in a security notice, or
to leave it in the state it is in, owned by a few people (including me, of
course), who can deface it
anytime they want, who can access your customers' database...?
If you choose the first, then should the man who found and published it
be tracked down and sued?
What if he notified you before publishing the details? Does it matter?
Or should you thank that man?

Any feedback will be appreciated.

Also, I would like to hear some words from the people who actually have
been exposed in the notices.
For now I have a feeling that I should stop "security noticing" forever...

Best regards,
// Sir Mordred





