Full Disclosure mailing list archives
Re: New Web Vulnerability - Cross-Site Tracing
From: Jeremiah Grossman <jeremiah () whitehatsec com>
Date: 22 Jan 2003 18:49:46 -0800
On Wed, 2003-01-22 at 18:28, Tim Greer wrote:
Well being a security expert in the field I can hardly comment on specifics but yes... it does happen. Often? Whats Often?Being a security expert? Well, I don't want to get personal, and it's been a few years since I've seen what you're doing lately, but it's only been a few years and I don't want to get into it and explain my doubts about you suddenly becoming a 'security expert' since that time. Just claiming to be a leading expert in this field doesn't make it factual, nor that you are more qualified than other people that are in this field. Your article is hyped up nonsense and anymore of these XSS issues being hyped up, I'm going to friggin' loose it.
Tim, its been a long time. Good to see you to.
<snip the rest of the nonsense> Really, nothing personal, but this is ridiculous. However, I don't intend to debate or argue on the list about this, so I'll end on that note. If you believe what you say in your article, you should go an example this in a real-world environment and who us all how 'frightening' this is. :-)
Well thats good, I dont intend to argue silly points either. Idea is simply present security results as we understand them. So did you have questions about the theory presented? About whom is using XST in the wild? I havent seen it used in the wild yet personally. So I cant say that it is or isnt. I just dont know. I would hope it wont be. But thats kinda besides the tech and understanding of the potential. We can get technical and I can answer whatever questions you have. Let me know where your getting lost and I'll help ya out. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: New Web Vulnerability - Cross-Site Tracing Jeremiah Grossman (Jan 22)
- <Possible follow-ups>
- Re: New Web Vulnerability - Cross-Site Tracing xss-is-lame (Jan 22)
- Re: New Web Vulnerability - Cross-Site Tracing Jeremiah Grossman (Jan 22)
- Re: New Web Vulnerability - Cross-Site Tracing Tim Greer (Jan 22)
- Re: New Web Vulnerability - Cross-Site Tracing Jeremiah Grossman (Jan 22)
- Re: New Web Vulnerability - Cross-Site Tracing Tim Greer (Jan 22)
- Re: New Web Vulnerability - Cross-Site Tracing Jeremiah Grossman (Jan 22)
- Re: New Web Vulnerability - Cross-Site Tracing H D Moore (Jan 23)
- Re: Re: New Web Vulnerability - Cross-Site Tracing zeno (Jan 23)
- Re: Re: New Web Vulnerability - Cross-Site Tracing Thor Larholm (Jan 23)
- RE: Re: New Web Vulnerability - Cross-Site Tracing Richard M. Smith (Jan 23)
- Re: Re: New Web Vulnerability - Cross-Site Tracing Michal Zalewski (Jan 24)