| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Oct 2007 13:15:54 -0400 From: <full-disclosure@....hush.com> To: <full-disclosure@...ts.grok.org.uk>,<rembrandt@...erlin.de> Subject: Re: Netgear SSL312 XSS vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What? On Wed, 17 Oct 2007 14:15:31 -0400 rembrandt@...erlin.de wrote: >Dear SkyOut, dear Packetstorm team (tedd :)) and dear List. > >The author brocke a NDA during the releasing of this "uber"- >Advisory. > >Skyout: What the fuck is wrong with u? Even ignoring our mails... >wow? >We provided the Router, told him to take a look and he angreed to >a NDA. > >Do I care if you release a XSS? Hell no... >But I care if you accapted a NDA because of other internal things. > >Did you found it by yourself? Well not realy... (We provided a >router, >told you to take a look for XSS....) Is it uber-critical? Not >realy >either... Could you've released it anyway? Sure.. but you didn't >asked >and pissed off about 9 different people. > >Skyout: And for what? For a Advisory about a XSS... great job. > >Btw: "Cryptocrew" Members: This guy is seriously NOT trustworthly. >I just mention it in case you may consider to hire him.... > >This XSS is nothing we wanan sue you for but a NDA is a NDA. >And if you come along and tell me "Well I didn#t signed anything" >I#ve >at least 7 people handy who can ensure that you angreed to a NDA. > >A NDA is a NDA that's what you need to learn Skyout, rly.. > >If you start talking about other internal things be sure we'll >consider >to take further steps and because you don't answer any mail let me >mention that in here.... > >And dear list: It's nothing about the XSS but about the NDA he >brocke >to release it... I'm sure if he wants to take his postings as >reference >this should get mentioned either.... > > >Kind regards, >Rembrandt (+ the friends you had) > >p.s. >Greets go to t3c0 who noticed the XSS at first but had no time to >write >about it (and no serious interest). >This should get mentioned as well so hopefully some archives >update >their "news". >And Skyout.. I told ya you're not the first who analyses it. > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkcXlMoACgkQqTTbVuUWvbKj1gQAjbroKuNR+blbmuCp9OGYo2eiiYTY ruMyi5FDpOYV+oUdEKCrdZLTHL3S5HlfS22SL1BlhuX/UTm+m5LOaUHH0uoGAeHACxKE nHVP/182+KOgEeYox1HzT+dSsh8WkqwUFFLBgl51zV0iaLIJBEsoa7o2zVeJAMln2WOO 3wBEhDs= =8vNh -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists