Date: Sun, 23 Sep 2007 11:48:18 +0530
From: "Sachin Jindal" <technobuster@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: About Vaibhav Pandey's stupidity and idiocy in web security

Hi

I am a member of Hackers Library community of Orkut. One member of
Full Disclosure has called our community a member of idiots because of
Vaibhav Pandey's foolishness in wrongly analyzing an Orkut bug as
serious. I am not here to defend Vaibhav Pandey because no doubt he is
a fool who feels anything that requires net sniffing is a
vulnerability. I am here to defend HL community.

The full disclosure threads I am talking about are...

http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065651.html
(Fake claim by Vaibhav Pandey regarding Google acknowledging a
vulnerability)

http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065911.html
(Save FD from idiots like Vaibhav Pandey doesn't know how to clone
cookies)

I want to clarify that HL community has nothing to do with Vaibhav
Pandey and does not acknowledge the lame claims of Vaibhav Pandey. In
fact some members of HL community objected to the claims and ridiculed
him for boasting about discovering vulnerabilities without even the
knowledge of cloning cookies.

One member tried to explain to him that if something requires
net-sniffing for exploitation, that cannot be termed as serious
because many session management techniques are also susceptible to
net-sniffing. But Vaibhav Pandey couldn't learn anything and refuted
that it is very tough to clone cookies. Clearly Vaibhav Pandey doesn't
know a thing about web security and therefore should not be associated
with HL community in any way.  As a proof, one can see this thread:
http://www.orkut.com/CommMsgs.aspx?cmm=1162977&tid=2553634938994390060&na=2&nst=13

I request the members of FD to not attack an organization or community
merely because of a stupid claim by one of its members. Thank you.

And yeah, screw Aditya K Sood, screw Vaibhav Pandey. ;-)

- Sachin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
