From: kdebisschop at alert.infoplease.com (Karl DeBisschop)
Subject: morning_wood should stop posting xss vulns in sites and fix his own site.

On Sun, 2003-07-27 at 00:07, mattmurphy@...rr.com wrote:
> > my site is my site, why are you telling me to "fix" it? I knew its 404
> >has xss before any of you did.
> >What's the big deal what my site has or hasn't... hmm? If you don't like my
> >stuff, don't read it,
> >my name is on every one of my posts.. ever hear of filter? I don't read
> >several advisories here based on title alone.. am I missing out? mby, mby
> >not.. are you? XSS is a security issue plain and simple, and "my site"
> >can have or have not whatever I please, I suggest not visiting then,
> >hell .. why are you even bothering to visit if you don't like..
> 
> Donnie, the point is that if you complain, don't make the same mistake.

Do you take it as a complaint? As one of the sites listed in a recent
posting from Donnie, I take it as information that allows me to make the
site better. There was a one character typo which I found as a result of
his notice. Easily fixed, case closed.

> You're a hypocrite to call XSS a security issue, and then (knowingly) make
> the same error.  It's not that hard to write a simple fix...

I chanced to observe some other sites did not make the fix -- if Donnie
sent out one reminder for each time someone said he should stop posting
about XSS, then it would get annoying. But he does not. What is annoying
is all the static it generates.

Donnie, I think you look best when you manage to stay above the fray -
it's really not worth responding to the bait. To all others, whether it
is a serious security issue or not, it is a security issue. And his
posting is a small part of the site traffic. Can't we just be calm and
not get so carried away with the personal accusations?

-- 
Karl DeBisschop <kdebisschop@...rt.infoplease.com>

