Date: Thu, 27 Jul 2006 16:14:58 +0000
From: n3td3v <xploitable@...il.com>
To: n3td3v <n3td3v@...glegroups.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: F-Secure to release XSS "potential dangers"

On 7/27/06, Dan B <dan-fd@...ox.org> wrote:
> "We'll finish our draft with more on the potential dangers of XSS for
> you soon."

My translation:

No malicious code was used in the Netscape hack, but we'll release
tips and code examples soon to show everyone how you can use the
Netscape vulnerability to cause the maximum damage, since these guys
only know how to write pop-up dialog alert scripts with childish
messages so far.

I'm sure if they knew how to fully exploit the Netscape vulnerability,
they would have done so, so we're just going to give them a helping
hand by releasing a draft, with a carefully crafted title "potential
dangers of XSS", we'll get away with it by calling it that.

People will just think we're trying to scare vendors into taking XSS
more seriously, but really, the aim of our draft will be to aid
malicious users who didn't know how dangerous XSS was, and that there's
more to XSS than just popping-up funny alert messages, just don't tell
anyone our true intentions, we want to sound responsible and
professional, while helping attackers by proxy at the same time.

Remember, the bigger the attacks we can encourage, the more money we
as F-Secure make. Any tactic to help attacks occur while on the
surface looking responsible and professional, will help our profit and
sell us more software.

It gets boring in the summer at F-Secure when all the hackers are on
vacation and sitting out on beaches getting a sun tan, so the more we
can provoke these kinds of attacks the better for our boredom as
individual employees and the F-Secure brand as a whole.

Remember, without the bad guys with big hacks, we as F-Secure would
have no reason to exist, so it makes sense for us to do everything
legally possible to show people how to hack in the greatest possible
way.

We'll release that potential dangers of XSS draft soon, stand by
folks, our profit depends on it.

Please check out our software, it will by coincidence protect you
against everything we'll be mentioning in our "Potential dangers of
XSS" draft.

Stay safe folks, F-Secure is part of your security solution, and we're
here to protect you.

Don't listen to n3td3v when he says we want to create security
incidents for our software to fix, that kind of idea is unthinkable.

Check out our web site
www.f-secure.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
