Full Disclosure mailing list archives

Re: morning_wood should stop posting xss vulns in sites and fix his own site.


From: Karl DeBisschop <kdebisschop () alert infoplease com>
Date: 27 Jul 2003 14:12:41 -0400

On Sun, 2003-07-27 at 00:07, mattmurphy () kc rr com wrote:
> > my site is my site, why are you telling me to "fix" it? I knew its 404
> > has xss before any of you did.
> > What's the big deal what my site has or hasn't... hmm? If you don't like my
> > stuff, don't read it,
> > my name is on every one of my posts.. ever hear of filter? I don't read
> > several advisories here based on title alone.. am I missing out? mby, mby
> > not.. are you? XSS is a security issue plain and simple, and "my site"
> > can have or have not whatever I please, I suggest not visiting then, hell
> > .. why are you even bothering to visit if you don't like..
>
> Donnie, the point is that if you complain, don't make the same mistake.

Do you take it as a complaint? As one of the sites listed in a recent
posting from Donnie, I take it as information that allows me to make the
site better. There was a one character typo which I found as a result of
his notice. Easily fixed, case closed.

> You're a hypocrite to call XSS a security issue, and then (knowingly) make
> the same error.  It's not that hard to write a simple fix...

I chanced to observe some other sites did not make the fix -- if Donnie
sent out one reminder for each time someone said he should stop posting
about XSS, then it would get annoying. But he does not. What is annoying
is all the static it generates.

Donnie, I think you look best when you manage to stay above the fray -
it's really not worth responding to the bait. To all others, whether it
is a serious security issue or not, it is a security issue. And his
posting is a small part of the site traffic. Can't we just be calm and
not get so carried away with the personal accusations?

-- 
Karl DeBisschop <kdebisschop () alert infoplease com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

