lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <271779.86515.qm@web45516.mail.sp1.yahoo.com>
Date: Thu, 20 Sep 2007 11:05:51 -0700 (PDT)
From: Fake Reports <fakereports@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Save FD from idiots - Vaibhav Pandey doesn't know
	how to clone cookies - How LAME!!! :X

While I was reading through the lame reports by Aditya
K Sood which look less like research and more
plagiarism, I also happened to make an amazing
discovery about Vaibhav Pandey who made a false claim
to have found a serious orkut bug a couple of weeks
ago.

Vaibhav is a member of an Orkut community called
Hackers Library, an equally lame group of idiots. When
he made his silly disclosure about the so-called
serious Orkut bug in the community, one member
objected, "a few members objected that what he has
reported doesn't qualify to be a vulnerability since
it requires network sniffing for exploitation."

Vaibhav Pandey said, "Not exactly.. because all
websites in the world do not use GET pattern for
fetching important and secure data.. hope you are
getting the point..".

I say, Vaibhav Pandey, don't be an idiot and get your
facts right. Most of the HTTPS requests that you make
everyday are also GET requests. Now, if Vaibhav Pandey
thinks the data in an HTTPS tunnel is not secure and
important, he must die and improve our gene pool.

Further in the discussion that took place here:-
http://www.orkut.com/CommMsgs.aspx?cmm=1162977&tid=2553634938994390060&na=3&nst=11&nid=1162977-2553634938994390060-2555181462236326948
he confessed, "As per the knowledge i have, i feel
even if the user is able to sniff the Cookie; he/she
will then need to clone the cookies in his/her browser
to actually make use of them. Are thr any tools
available for cloning cookies? I heard Hamster is the
one that is going to be released soon. Lemme know."

No wonder why these idiots are spoiling the name of
India. This guy doesn't even know how to clone a
cookie but goes on making publicity stunts about
absurd claims just to get 15 minutes of fame.

I say, screw Vaibhav Pandey, screw Aditya K Sood,
screw Ankit Fadia.


       
____________________________________________________________________________________
Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
http://farechase.yahoo.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ