Full Disclosure mailing list archives
Re: on xss and its technical merit
From: Byron Sonne <blsonne () rogers com>
Date: Wed, 12 Dec 2007 12:45:31 -0500
It's not a sexy beast that you can blog about
That hasn't stopped some people ;) I've done some serious thinking about this, and I've come to the conclusion that hacking at web stuff is innately boring. Maybe it's like watching bicycling on TV; fun to do but boring as hell to watch or listen to other people talk about. Ooooh xss csrf htmlmnopqrstuvwxyz bah! The only thing possibly interesting about it is the target, what you scam them for, or what you get access to. The problem is that anything www facing is pretty much in the realm of the sheep, so of course almost everything is going to be rotten with holes. You have community colleges pumping out 'web experts' or dudes who read a redhat+apache+php+mysql+foo howto and now are seen as gurus. In terms of a technically interesting challenge, it sounds about as exciting as picking fights with 10-year-olds. Shit man, most of this stuff is more about fooling people than anything. Yawn. I was bored tricking or weaseling passwords out of datacentre employees over the phone 20 years ago. Now I'm supposed to get excited 'cos some retards are doing it over the web?
If an app is vuln to XSS chances are the rest of the app is crap anyways...
A safe assumption. In fact, if it's on the web, it's a safe assumption it's crap anyways. Or is that Crap2.0?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/