lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <417DC7EB.70401@ip-solutions.net>
From: hhoffman at ip-solutions.net (Harry Hoffman)
Subject: Posting w/o checking facts

Hi,

Ok, I didn't think this needed to be said but why the hell are ppl 
posting exploits without doing any actual testing?

WTF is up with that. Umm, ok I can say that XYZ is a problem cause it 
"looks like it may be one".

NO, YOU CAN'T!!!! Or rather you can but then when everyone says your 
name while trying to hold back a snicker don't seem surprised.

If you think something is a problem then test it! If you can't test it 
than say so *clearly* in your post.

Making wild claims that a users' session can be hijacked or that you can 
force your way into the xyz system without testing makes you sound 
stupid (usually with good reason).

There have been at least three posts within the past couple of weeks 
that make claims that are questionable at best and certainly don't come 
with proof (or even anything that might closely resemble anything near 
proof).

My $0.02 cents (and I'm sure others will share one way or another) ;-)

--Harry


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ