Full Disclosure mailing list archives
Re: F-Secure to release XSS "potential dangers"
From: Dan B <dan-fd () f-box org>
Date: Thu, 27 Jul 2006 17:33:44 +0200
Hi, n3td3v wrote:
You missed the point of my post. I have nothing against F-Secure reporting the bug, I only have something against F-Secure supplying information on how to use an XSS vulnerability properly in which to cause the most damage to the Netscape web site.
F-Secure have not stated this in their posting to their weblog.
If you read my post and the F-Secure blog properly, you'll see they reported that the vulnerability wasn't exploited fully, and F-Secure promised to publish information to show attackers how to do the job properly.
Incorrect. And I quote from http://www.f-secure.com/weblog/archives/archive-072006.html#00000927 "We'll finish our draft with more on the potential dangers of XSS for you soon." This in no way states that they are going to release details of current live XSS.
Thanks for your attempt to wind me up, you almost succeeded. n3td3v
And if you take a look at: http://www.f-secure.com/weblog/archives/archive-072006.html#00000930 They do exactly that... DISCUSS the risks/dangers, NOT the details. You really should read peoples words more carefully before responding. Cheers, Dan. PS. It's Thursday, nearly the weekend! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- F-Secure to release XSS "potential dangers" n3td3v (Jul 26)
- Re: F-Secure to release XSS "potential dangers" c0ntex (Jul 26)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- Re: F-Secure to release XSS "potential dangers" Dan B (Jul 27)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- Re: F-Secure to release XSS "potential dangers" xyberpix (Jul 28)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- Re: F-Secure to release XSS "potential dangers" c0ntex (Jul 26)
- Re: F-Secure to release XSS "potential dangers" Valdis . Kletnieks (Jul 26)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- Re: F-Secure to release XSS "potential dangers" c0ntex (Jul 27)
- RE: [lists] Re: F-Secure to release XSS "potential dangers" Curt Purdy (Jul 28)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- <Possible follow-ups>
- Re: F-Secure to release XSS "potential dangers" Mike M (Jul 26)