Open Source and information security mailing list archives
 
Date: Fri Dec  9 16:40:12 2005
From: fd-list at g-0.org (sk / GroundZero)
Subject: Re: Google is vulnerable from XSS attack

> Guys, don't be haters. n3td3v found a CRITICAL HOLE in one of the
> world's biggest online products. He may not be the most popular face on
> this list, but his reputation stands firm. And now he's proven
> himself. You can't argue with that. It's solid. Those of you casting
> disparagements need to look carefully in the mirror and consider what
> you have contributed to this list. Have you found any XSS holes? Have
> you found any SQL holes? You'd be lucky to find your own pie holes. No?
> What? You've found no SQL injections? You're not a haxer. Sitting on
> this list riding on the backs of real researchers like our man here.

i found various holes over the years, some have been made public and some stay undisclosed.
i wrote exploits for local/remote buffer overflows, format strings, integer overflows etc,
hell even bss segment overflows, but that's rather PoC as i never really spotted them "in-the-wild".
anyhow, it's not that i want to show off or anything, i just want to tell you that i know what i'm talking
about. i don't sit here and post just because i have nothing better to do, but it's annoying me
to see some kid act like he is the best security researcher ever, just because he found some
LAME XSS flaw.

well most people tend to just ignore such trolls, but if no one tells him how stupid he is, he will
continue to annoy us with his stupid postings.

also it's not hard at all to spot XSS or SQL injection bugs. that is the most basic auditing.
i have yet to see any useful code from him. finding sql injection bugs doesn't require
you to be a hacker.

> It's indisputable. He has proven contacts, a proven track record, and
> an ever growing war belt with TINY SHRUNKEN HEADS of the biggest
> companies today hanging from it. Google. Yahoo. IBM. Linux.

ok either you are a good friend of his or you are just n3td3v under an anonymous handle.
i believe you are n3td3v, but ok let's say you aren't, then you need to crawl out of his ass and stfu,
since judging by your comments you aren't much into security at all.

oh and by the way, LINUX isn't a company :P

> The fellow may be lacking in personal skills, but most eccentric high
> flyers seem to share that trait. Einstein couldn't hold a marriage. Or
> like da Vinci and his oftentimes hard relationships with his young
> assistants. Nikola Tesla held groundbreaking ideas but was
> discredited by two-bit hacks shouting him down from the sidelines. Hmm
> does that sound familiar? Yeah, without researchers like n3td3v
> working on these things, the whole system would just be falling apart
> all willy-nilly.

yea real security professionals who actually work hard to find new techniques,
take hours of work to write an exploit for a double free() and not some stupid
xss flaws. sure xss can be a security risk, but most of the time it's nothing and all low risk.
many people filter out XSS postings even. there is no hard work needed to find an xss flaw at all.

> So I think it's time to start acting like
> professionals. You want some cred, you've got to plug some holes. And
> then keep on plugging some more, even after you think they're
> completely plugged. Like MC Hammer did.

shut up n3td3v?(clone)

