lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 28 Jul 2006 22:05:51 +0100
From: xyberpix <xyberpix@...erpix.com>
To: n3td3v <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: F-Secure to release XSS "potential dangers"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>
> I have nothing against F-Secure reporting the bug, I only have
> something against F-Secure supplying information on how to use an XSS
> vulnerability properly in which to cause the most damage to the
> Netscape web site.
>

Most books on Web Application hacking will freely give out this info  
and so wil most sites without having to look too far.


> If you read my post and the F-Secure blog properly, you'll see they
> reported that the vulnerability wasn't exploited fully, and F-Secure
> promised to publish information to show attackers how to do the job
> properly.
>

Personally, I do think that this is the only way that major corps are  
going to see how bad things could be.


> Thanks for your attempt to wind me up, you almost succeeded.

On the one, from my side, you seem to have calmed downed a hell of a  
lot lately, and to be honest, I'm actually reading what you write  
these days, keep it up, it's great to see!

I am not trying to start another flame war here, personally I think  
that n3td3v has come a long way recently.

xyberpix
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFEynwvjoyYcOmj6B8RAohRAJwNyFD6ZBL/t4KuIOcllPC+ZZyE7wCgpb44
zHuNu8LP8NpUrK+qO3XcyKE=
=lX6i
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ