Full Disclosure mailing list archives
Re: Re: Google is vulnerable from XSS attack
From: "sk / GroundZero" <fd-list () g-0 org>
Date: Fri, 9 Dec 2005 17:28:42 +0100
Guys, don't be haters. n3td3v found a CRITICAL HOLE in one of the worlds biggest online products. He may not be the most popular face on this list, but his reputation stands firm. And now he's proven himself. You can't argue with that. It's solid. Those of you casting disparagements need to look carefully in the mirror and consider what you have contributed to this list. Have you found any XSS holes? Have you found any SQL holes. You be lucky to find your own pie holes. No? What? You've found no SQL injections? You're not a haxer. Sitting on this list riding on the backs of real researchers like our man here.
i found various holes over the years some have been made public and some stay undisclosed. i wrote exploits for local/remote buffer overflows, format strings, integer overflows etc hell even bss segment overflows but thats rater PoC as i never really spotted them "in-the-wild". anyhow, its not that i want to show off or anything, i just want to tell you that i know what i'm talking about. i dont sit here and post just because i have nothing better todo, but its annoying me to see some kid act like he is the best security researcher ever, just because he found some LAME XSS flaw. well most people tend to just ignore such trolls, but if noone tells him how stupid he is, he will continue to annoy us with his stupid postings. also its not hard at all to spot XSS or SQL injection bugs. that is the most basic auditing. i have yet to see any usefull code from him. finding sql injection bugs doesnt require you to be a hacker.
It's indisputable. He has proven contacts, a proven track record, and an ever growing war belt with TINY SHRUNKEN HEADS of the biggest companies today hanging from it. Google. Yahoo. IBM. Linux.
ok either you are a good friend of him or you are just n3td3v under an anonymous handle. i belive you are n3td3v, but ok lets say you arent then you need to crawl out of his ass and stfu, since judging by your comments you arent much into security at all. oh and by the way, LINUX isnt a company :P
The fellow may be lacking in personal skills, but most eccentric high flyers seem to share that trait. Einstein couldn't hold a marriage. Or like da Vinci and his oftentimes hard relationships with his young assistants. Nicolas Tesla held groundbreaking ideas but was discredited by two-bit hacks shouting him down from the sidelines. Hmm does that sound familiar? Yeah, without researchers like n3td3v working on these things, the whole system would just be falling apart all willynilly.
yea real security professionals who actually work hard to find new technics, take hours of work to write an exploit for a double free() and not some stupid xss flaws. sure xss can be a security risk, but most of the time its nothing and all low risk. many people filter out XSS postings even. there is no hard work needed to find a xss flaw at all.
So I think it's time to start acting like professionals. You want some cred, you've got to plug some holes. And then keep on plugging some more, even after you think they're completely plugged. Like MC Hammer did.
shut up n3td3v´(clone) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: famouse n3td3v quotes!, (continued)
- RE: famouse n3td3v quotes! Scott Schappert (Dec 08)
- Re: famouse n3td3v quotes! InfoSecBOFH (Dec 08)
- Re: famouse n3td3v quotes! Michael Tewner (Dec 08)
- Re: famouse n3td3v quotes! Paul (Dec 09)
- Re: famouse n3td3v quotes! Kevin Ponds (Dec 08)
- Re: famouse n3td3v quotes! Micheal Espinola Jr (Dec 08)
- Re: famouse n3td3v quotes! Jeff Rosowski (Dec 19)
- Re: Re: Google is vulnerable from XSS attack Mike Hoye (Dec 07)
- Re: Re: Google is vulnerable from XSS attack ghost (Dec 08)
- Message not available
- Re: Re: Google is vulnerable from XSS attack Tatercrispies (Dec 09)
- Re: Re: Google is vulnerable from XSS attack sk / GroundZero (Dec 09)
- Re: Re: Google is vulnerable from XSS attack n3td3v (Dec 09)
- RE: Re: Google is vulnerable from XSS attack Paul (Dec 07)
- RE: Re: Google is vulnerable from XSS attack Joseph Pierini (Dec 07)