lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20071017201531.b9eee659.rembrandt@jpberlin.de>
Date: Wed, 17 Oct 2007 20:15:31 +0200
From: rembrandt@...erlin.de
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Netgear SSL312 XSS vulnerability

Dear SkyOut, dear Packetstorm team (tedd :)) and dear List.

The author brocke a NDA during the releasing of this "uber"-Advisory.

Skyout: What the fuck is wrong with u? Even ignoring our mails... wow?
We provided the Router, told him to take a look and he angreed to a NDA.

Do I care if you release a XSS? Hell no...
But I care if you accapted a NDA because of other internal things.

Did you found it by yourself? Well not realy... (We provided a router,
told you to take a look for XSS....) Is it uber-critical? Not realy
either... Could you've released it anyway? Sure.. but you didn't asked
and pissed off about 9 different people.

Skyout: And for what? For a Advisory about a XSS... great job.

Btw: "Cryptocrew" Members: This guy is seriously NOT trustworthly.
I just mention it in case you may consider to hire him....

This XSS is nothing we wanan sue you for but a NDA is a NDA.
And if you come along and tell me "Well I didn#t signed anything" I#ve
at least 7 people handy who can ensure that you angreed to a NDA.

A NDA is a NDA that's what you need to learn Skyout, rly..

If you start talking about other internal things be sure we'll consider
to take further steps and because you don't answer any mail let me
mention that in here....

And dear list: It's nothing about the XSS but about the NDA he brocke
to release it... I'm sure if he wants to take his postings as reference
this should get mentioned either....


Kind regards,
Rembrandt (+ the friends you had)

p.s.
Greets go to t3c0 who noticed the XSS at first but had no time to write
about it (and no serious interest).
This should get mentioned as well so hopefully some archives update
their "news".
And Skyout.. I told ya you're not the first who analyses it.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ