Full Disclosure mailing list archives
Re: Securityfocus fall for n3td3v agenda to show up the security company
From: n3td3v <xploitable () gmail com>
Date: Fri, 28 Jul 2006 03:36:38 +0000
On 7/28/06, whistles <4whistles () gmail com> wrote:
On 7/27/06, n3td3v <xploitable () gmail com> wrote: > Introduction: > > If it wasn't for my Fool-Disclosure thread > http://groups.google.com/group/n3td3v/browse_thread/thread/c700b86a2c70e4cb > about F-Secure you can bet this http://www.securityfocus.com/brief/264 > article wouldn't be on Securityfocus.com right now, and that is the > point of what I was upto. > --snipped rambling grandiose blathering You have saved the world again N3td3v, Congrats and many thanks from a mere mortal!!!!!
I have socially engineered him for what his company is worth, nothing but drama queens who pretend theres a XSS worm threat when there isn't. The only worm ever to appear with XSS was a harmless Myspace worm, yet both companies are saying things are critical and that the internet is rife with wormable XSS flaws, just to advertise to any would-be attacker who didn't know, to make sure they know now. There wasn't originally a threat in reality, but you can be sure they've just created a threat by talking up the attack vector of XSS worms on social network sites. F-Secure was originally in the wrong to report their recent "Your new friend is a worm" blog entry, but Securityfocus was even more in the wrong by copying their stance and acting in the same bad taste as F-Secure. You can bet they'll be an XSS worm on a social network doing something malicious in the next 6 to 12 months now, and you have F-Secure and Securityfocus to thank. This is the damage the two irresponsible vendors have the ability to cause by reporting on false postiive security threats, just to encourage security incidents and encourage "rent a quote" people to play a lip service song on their hyped-up security threats and profit margins. Securityfocus and F-Secure in my opinion want an outbreak of social networking XSS worms, and now someone will be stupid enough to be infulenced by them and give them what they want. Securityfocus and F-Secure have clever ways of justifying what they do, but I guess they under estimate the intelligence of you and me in the security community not to see through what they are really upto. While they can get away with it legally, they can't get away from the moral wrong doings in the mind of the security community. Both companies are guilty in my personal opinion of _incitement_ to cause a security incident in relation to XSS worms on social networking sites, but these companies get away with similar all the time, so I guess they are allowed to do what they do under some warped journalistic guidelines. I know theres no XSS worm threat, Securityfocus know theres no XSS worm threat, F-Secure know theres no XSS worm threat, and everyone in the security community knows theres no XSS worm threat, so why talk up an XSS worm threat when there isn't one? Unless you want one to happen. I conclude to say this is proof theres no moral responsibility in security news journalism anymore, if there ever was any, and this needs to change and fast. Theres nothing we can do now, the damage has been done, we can only hope and pray the worst doesn't occur, a fully fledged malicious XSS worm on a social networking web site. n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Securityfocus fall for n3td3v agenda to show up the security company n3td3v (Jul 27)
- Re: Securityfocus fall for n3td3v agenda to show up the security company whistles (Jul 27)
- Re: Securityfocus fall for n3td3v agenda to show up the security company n3td3v (Jul 28)
- Re: Securityfocus fall for n3td3v agenda to show up the security company J. Oquendo (Jul 28)
- Re: Securityfocus fall for n3td3v agenda to show up the security company n3td3v (Jul 28)
- Re: Securityfocus fall for n3td3v agenda to show up the security company whistles (Jul 27)