Full Disclosure mailing list archives

Re: What the f*** is going on?


From: root <root_ () fibertel com ar>
Date: Tue, 22 Feb 2011 17:21:51 -0300

On 02/22/2011 02:11 PM, Michal Zalewski wrote:
I mean, if these are the security industry's geniuses, why, what would the
writers of Stuxnet be?

...seriously?

Disclosing how their epic story simply involved SQLi, well, what about the
guys discovering 0days in native code?

Totally. I have long postulated that perl -e '{print "A"x1000}' is
considerably more l33t than <script>alert(1)</script> or ' OR '1' ==
'1.

I don't understand the point you are getting at. I think that the more
interesting aspect of this story is the egregious practices revealed
in that write-up (and elsewhere):

http://lcamtuf.blogspot.com/2011/02/world-of-hbgary.html

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


I know many of you web people feel bad about it, but the truth is that
you don't automatically execute stuff with perl -e '{print "A"x1000}'.
IMHO it really is considerably more l33t.
