| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <44C8DCD8.7030505@f-box.org> Date: Thu, 27 Jul 2006 17:33:44 +0200 From: Dan B <dan-fd@...ox.org> To: n3td3v <xploitable@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: F-Secure to release XSS "potential dangers" Hi, n3td3v wrote: > You missed the point of my post. > > I have nothing against F-Secure reporting the bug, I only have > something against F-Secure supplying information on how to use an XSS > vulnerability properly in which to cause the most damage to the > Netscape web site. F-Secure have not stated this in their posting to their weblog. > > If you read my post and the F-Secure blog properly, you'll see they > reported that the vulnerability wasn't exploited fully, and F-Secure > promised to publish information to show attackers how to do the job > properly. Incorrect. And I quote from http://www.f-secure.com/weblog/archives/archive-072006.html#00000927 "We'll finish our draft with more on the potential dangers of XSS for you soon." This in no way states that they are going to release details of current live XSS. > > Thanks for your attempt to wind me up, you almost succeeded. > > n3td3v > And if you take a look at: http://www.f-secure.com/weblog/archives/archive-072006.html#00000930 They do exactly that... DISCUSS the risks/dangers, NOT the details. You really should read peoples words more carefully before responding. Cheers, Dan. PS. It's Thursday, nearly the weekend! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists