Dailydave mailing list archives
Re: What is the state of vulnerability research?
From: "Thomas Pollet" <thomas.pollet () gmail com>
Date: Sat, 18 Feb 2006 14:33:34 +0100
Hi,
Do you ever wonder about the cut and paste kiddies discovering XSS and SQL injection vulnerabilities? Why they find a vuln in a product, then a week later another person finds a different vuln in the same version of the same product? How could the original person miss it? Easy, because they
Personally I had as much fun 'cut&pasting' <script>alert(1337)</script> tags as pushing buttons on a PS2 gamepad while playing SSX. Too bad you don't understand me if I say I have some fun in breaking webcodes. I could write a couple of pages about the stupidity of your elitist behaviour. Why waste time on a troll post? I am just a hobby hacker, you are the security pro and a future Nobel Prize laureate. I lose.

Everybody makes mistakes once in a while, but some mistakes are worse than others. How do we know the products we use are made by people who want to put as few mistakes as possible in production? Audit every piece of code we use to the bone? Check the security history of a product?

Sorry for the rant but I felt insulted, maybe it's the truth in it that hurts most. Let's make it up with some xss ohdays: WEBInsta Limbo, DEV web management system, PHPX, e107, phpbb. If the vuln db's were hitcharts I'd be singing schlagers wearing lederhosen, and I'm not even German. Good thing I got tired of 'webaudits' anyway. Maybe after all there's life beyond security.

Greets,
Thomas