From: kdebisschop at alert.infoplease.com (Karl DeBisschop)
Subject: morning_wood should stop posting xss vulns insites and fix his own site.

On Sun, 2003-07-27 at 00:07, mattmurphy@...rr.com wrote:
> > my site is my site, why are you telling me to "fix" it? I knew it's 404
> >has xss before any of you did.
> >Whats the big deal what my site has or hasnt... hmm? If you dont like my
> >stuff, dont read it,
> >my name is on every one of my posts.. ever hear of filter? I dont read
> >several advisories here based on title alone.. am i missing out? mby, mby
> >not.. are you? XSS is a security issue plain and simple, and "my site"
> >can have or have not whatever i please, i suggest not visiting then,
> >hell
> .. why are you even bothering to visit if you dont like..
>
> Donnie, the point is that if you complain, don't make the same mistake.

Do you take it as a complaint? As one of the sites listed in a recent
posting from Donnie, I take it as information that allows me to make the
site better. There was a one character typo which I found as a result of
his notice. Easily fixed, case closed.

> You're a hypocrite to call XSS a security issue, and then (knowingly) make
> the same error. It's not that hard to write a simple fix...

I chanced to observe some other sites did not make the fix -- if Donnie
sent out one reminder for each time someone said he should stop posting
about XSS, then it would get annoying. But he does not. What is annoying
is all the static it generates.

Donnie, I think you look best when you manage to stay above the fray -
it's really not worth responding to the bait.

To all others, whether it is a serious security issue or not, it is a
security issue. And his posting is a small part of the site traffic.
Can't we just be calm and not get so carried away with the personal
accusations?

--
Karl DeBisschop <kdebisschop@...rt.infoplease.com>