lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <99610-2200370274742775@M2W069.mail2web.com>
From: mattmurphy at kc.rr.com (mattmurphy@...rr.com)
Subject: morning_wood should stop posting xss vulns insites and fix his own site.

> my site is my site, why are you telling me to "fix" it? I knew it's 404
>has xss before any of you did.
>Whats the big deal what my site has or hasnt... hmm? If you dont like my
>stuff, dont read it, 
>my name is on every one of my posts.. every hear of filter? I dont read
>several advisories here based on title alone.. am i missing out? mby, mby
>not.. are you? XSS is a seecurity issue plain and simple, and "my site"
>can have or have not whatever i please, i suggest not visiting then, >hell
.. why are you even bothering to visit if you dont like.. 

Donnie, the point is that if you complain, don't make the same mistake. 
You're a hypocrite to call XSS a security issue, and then (knowingly) make
the same error.  It's not that hard to write a simple fix to filter your
input.  Basic JavaScript, Donnie, basic JavaScript.  If XSS is a security
issue, and the entire thesis of your so-called security list is that
security issues should be dealt with, instead of hidden -- as has been your
complaint before -- then you should leave that list now.  Knowingly
introducing vulnerabilities, and then not fixing them when several people
(myself included) have noted it to you.

--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ