lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <58DB1B68E62B9F448DF1A276B0886DF194D9CDB8@EX2010.hammerofgod.com>
Date: Mon, 26 Mar 2012 17:29:28 +0000
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: "fulldisclosure@...aeros007.org" <fulldisclosure@...aeros007.org>,
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Apple IOS security issue pre-advisory record

Making a conclusion of community behavior, good or bad, based on some indication of a number of clicks on some link is non sequitur.   I actually don't see any reason why one would be surprised by a "security community" following links anyway.  I've got a VM specifically used for this type of thing, and I know many others do as well.  Many probably *want* the link to be malicious so they can analyze and harvest any potential attack and see if it is new or interesting.   There is no corollary to qualified behavior from some ambiguous report that "300 security researchers who should have known better."  

t


> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-
> bounces@...ts.grok.org.uk] On Behalf Of fulldisclosure@...aeros007.org
> Sent: Monday, March 26, 2012 9:19 AM
> To: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Apple IOS security issue pre-advisory record
> 
> 
> Hello,
> 
> I'm one those who clicked on it (and to make matters wors : after it was
> discover and discussed).
> 
> Why I click on it : it's a big thread and wanted to begin the reading with the
> first post ^^.
> 
> The fact that I run it on a noscript activated up to date firefox doesn't change
> the fact that I run it without too much attention and I'm the one to blame it.
> 
> So for the possible "aggressive reacions" : yes, but only about myself.
> 
> To be frank, the first things I was thinking after seeing what was the link was
> "well : owned like a newbie".
> 
> Cordially.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ