Re: New Web Vulnerability - Cross-Site Tracing

[Jeremiah Grossman <jeremiah () whitehatsec com>]

On Wed, 2003-01-22 at 18:28, Tim Greer wrote:

> > Well being a security expert in the field I can hardly comment on
> > specifics but yes... it does happen. Often? Whats Often?
>
> Being a security expert? Well, I don't want to get personal, and it's been a
> few years since I've seen what you're doing lately, but it's only been a few
> years and I don't want to get into it and explain my doubts about you
> suddenly becoming a 'security expert' since that time. Just claiming to be a
> leading expert in this field doesn't make it factual, nor that you are more
> qualified than other people that are in this field. Your article is hyped up
> nonsense and anymore of these XSS issues being hyped up, I'm going to
> friggin' loose it.


Tim, its been a long time. Good to see you to.


> <snip the rest of the nonsense> 
> Really, nothing personal, but this is ridiculous. However, I don't intend to
> debate or argue on the list about this, so I'll end on that note. If you
> believe what you say in your article, you should go an example this in a
> real-world environment and who us all how 'frightening' this is. :-)


Well thats good, I dont intend to argue silly points either. Idea is
simply present security results as we understand them. So did you have
questions about the theory presented? 

About whom is using XST in the wild? I havent seen it used in the wild
yet personally. So I cant say that it is or isnt. I just dont know. I
would hope it wont be. But thats kinda besides the tech and
understanding of the potential.

We can get technical and I can answer whatever questions you have. Let
me know where your getting lost and I'll help ya out.




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html