Date: Sun, 1 Aug 2010 23:30:42 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: "coderman" <coderman@...il.com>, "Christian Sciberras" <uuf6429@...il.com>,
	"Zach C" <fxchip@...il.com>, <Valdis.Kletnieks@...edu>,
	"Elazar Broad" <elazar@...hmail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Day of bugs in WordPress 2

Hello guys!

I'm glad that I gave you such an occasion for discussion, even if it was
just an announcement :-).

As I already told Canberk (from Full-disclosure), on 30.07.2010 I already
conducted my new project. And if in the first Day of bugs in WordPress I
published 81 vulnerabilities, then in the second project I published 8
vulnerabilities, but all of them are interesting (especially the
more complex holes). Soon I'll publish English descriptions of these
vulnerabilities (one by one, the three advisories which I made in the
project) to the Bugtraq and Full-disclosure mailing lists.

Concerning the use of text editors in the context of security: as you can
understand, using text editors doesn't directly influence improving security,
and Christian wrote arguments about that. It's one thing to write webapps for
the site from scratch, and another thing to use existing software (and in both
cases webapps can be vulnerable) - e.g. people can use text editors for
editing scripts in WordPress or Drupal. On the other side, if people are using
text editors for developing their sites (even on a CMS), then it requires a
higher level of knowledge from them, so they need to be more advanced web
developers (which as a result leads to improving the security of their sites).

Valdis also wrote good arguments on this topic. So there are indirect
benefits of using text editors (aka the advanced web developing approach),
both concerning security and concerning the quality of content on the Internet.

Summarizing, it is not the use of a text editor itself that leads to improving
security; it's about the attitude to security. If people attend to the security
of their webapps and web sites (regardless of what plain text editor or WYSIWYG
editor they are using), then it'll lead to improving security.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 
From: "coderman" <coderman@...il.com>
To: "MustLive" <mustlive@...security.com.ua>
Cc: <full-disclosure@...ts.grok.org.uk>
Sent: Friday, July 30, 2010 1:02 AM
Subject: Re: [Full-disclosure] Day of bugs in WordPress 2


> On Thu, Jul 29, 2010 at 1:56 PM, MustLive <mustlive@...security.com.ua>
> wrote:
>> ...
>> I want to inform readers of the list about new project - Day of bugs in
>> WordPress...
>
> Hewlett Packard has a soul mate! anyone who cares uses Drupal or other
> decent [0] and the wp people keep patching vulns via one-off escapes
> and parameter renaming.
>
> my condolences if diligence deems more than a few hours requisite for
> such audit amusement. ;)
>
>
>
> 0. of course, Real (TM) women/men/earth-human hackers code their own
> python gevent based publishing pipe...


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
