| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Jul 2006 03:36:38 +0000 From: n3td3v <xploitable@...il.com> To: n3td3v@...glegroups.com Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Securityfocus fall for n3td3v agenda to show up the security company On 7/28/06, whistles <4whistles@...il.com> wrote: > On 7/27/06, n3td3v <xploitable@...il.com> wrote: > > Introduction: > > > > If it wasn't for my Fool-Disclosure thread > > http://groups.google.com/group/n3td3v/browse_thread/thread/c700b86a2c70e4cb > > about F-Secure you can bet this http://www.securityfocus.com/brief/264 > > article wouldn't be on Securityfocus.com right now, and that is the > > point of what I was upto. > > > --snipped rambling grandiose blathering > > > You have saved the world again N3td3v, Congrats and many thanks from a > mere mortal!!!!! > I have socially engineered him for what his company is worth, nothing but drama queens who pretend theres a XSS worm threat when there isn't. The only worm ever to appear with XSS was a harmless Myspace worm, yet both companies are saying things are critical and that the internet is rife with wormable XSS flaws, just to advertise to any would-be attacker who didn't know, to make sure they know now. There wasn't originally a threat in reality, but you can be sure they've just created a threat by talking up the attack vector of XSS worms on social network sites. F-Secure was originally in the wrong to report their recent "Your new friend is a worm" blog entry, but Securityfocus was even more in the wrong by copying their stance and acting in the same bad taste as F-Secure. You can bet they'll be an XSS worm on a social network doing something malicious in the next 6 to 12 months now, and you have F-Secure and Securityfocus to thank. This is the damage the two irresponsible vendors have the ability to cause by reporting on false postiive security threats, just to encourage security incidents and encourage "rent a quote" people to play a lip service song on their hyped-up security threats and profit margins. Securityfocus and F-Secure in my opinion want an outbreak of social networking XSS worms, and now someone will be stupid enough to be infulenced by them and give them what they want. Securityfocus and F-Secure have clever ways of justifying what they do, but I guess they under estimate the intelligence of you and me in the security community not to see through what they are really upto. While they can get away with it legally, they can't get away from the moral wrong doings in the mind of the security community. Both companies are guilty in my personal opinion of _incitement_ to cause a security incident in relation to XSS worms on social networking sites, but these companies get away with similar all the time, so I guess they are allowed to do what they do under some warped journalistic guidelines. I know theres no XSS worm threat, Securityfocus know theres no XSS worm threat, F-Secure know theres no XSS worm threat, and everyone in the security community knows theres no XSS worm threat, so why talk up an XSS worm threat when there isn't one? Unless you want one to happen. I conclude to say this is proof theres no moral responsibility in security news journalism anymore, if there ever was any, and this needs to change and fast. Theres nothing we can do now, the damage has been done, we can only hope and pray the worst doesn't occur, a fully fledged malicious XSS worm on a social networking web site. n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists