lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <46C4CE0B.7040906@metaeye.org>
Date: Fri, 17 Aug 2007 03:52:03 +0530
From: Pranay Kanwar <warl0ck@...aeye.org>
To: "J. Oquendo" <sil@...iltrated.net>
Cc: full-disclosure@...ts.grok.org.uk, "Steven M. Christey" <coley@...re.org>,
	websecurity@...appsec.org
Subject: Re: SecNiche : Microsoft Internet Explorer Pop up
 Blocker Bypassing and Dos Vulnerability

Frankly i now feel, that its not SecNiche's fault entirely, it has got a
lot of encouragement from its past invalid and absurd claims.

Such as

_JWIG Context Dependent Template Calling Denial of Service Vulnerability._
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3816
http://www.securityfocus.com/bid/24974
http://xforce.iss.net/xforce/xfdb/35515

_Internet Explorer Domain Specification Dos and Page Suppressing._
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3550
http://www.securityfocus.com/bid/24744
http://xforce.iss.net/xforce/xfdb/35455

Anyone without knowing rocket science will tell that above two are entirely
absurd and invalid. Since SecNiche gets its bogus advisories through, why stop ?

It seems now only good place left is secunia, since they verify first before
adding the advisories. One does find the above two at secunia.

Also i am pretty sure the above links will stay forever and i don't suppose i
have to explain why.

Anyhow i just hope SecNiche would improve and get something *real*.

regards

warl0ck // MSG

J. Oquendo wrote:
> Aditya K Sood wrote:
> 
>> Embarrassment. Nothing lies beneath it. Critically your are too much at
>> of your own in deciding.
> 
> 
> Personally, this is just another kiddiot on my filters. I only see the
> residue of responses to him. I believe every single advisory this
> *person* (play nice now) has sent out has 1) never been verified 2)
> never been worthwhile 3) repeat steps 1 and 2.
> 
> I plan to release some advisories myself too sometime this millenium. I
> found that if you allowed these miserable posts to fill your mailbox,
> your machine will fill up space... Then crash... And crashing is a bad
> thing. Which is a DoS. Which is evil. Translation... Re-blocking APNIC
> and RIPE ranges. Evil hackers out there. Pop Up blockers... Scare-e...
> IE? I'm so owned as of last weekend months ago.
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ