Full Disclosure mailing list archives
Re: morning_wood should stop posting xss vulns insites and fix his own site.
From: Karl DeBisschop <kdebisschop () alert infoplease com>
Date: 27 Jul 2003 14:12:41 -0400
On Sun, 2003-07-27 at 00:07, mattmurphy () kc rr com wrote:
my site is my site, why are you telling me to "fix" it? I knew it's 404 has xss before any of you did. Whats the big deal what my site has or hasnt... hmm? If you dont like my stuff, dont read it, my name is on every one of my posts.. every hear of filter? I dont read several advisories here based on title alone.. am i missing out? mby, mby not.. are you? XSS is a seecurity issue plain and simple, and "my site" can have or have not whatever i please, i suggest not visiting then, >hell.. why are you even bothering to visit if you dont like.. Donnie, the point is that if you complain, don't make the same mistake.
Do you take it as a complaint? As one of the sites listed in a recent posting from Donnie, I take it as information that allows me to make the site better. There was a one character typo which I found as a result of his notice. Easily fixed, case closed.
You're a hypocrite to call XSS a security issue, and then (knowingly) make the same error. It's not that hard to write a simple fix...
I chanced to observe some other sites did not make the fix -- if Donnie sent out one reminder for each time someone said he should stop posting about XSS, then it would get annoying. But he does not. What is annoying is all the static it generates. Donnie, I think you look best when you manage to stay above the fray - its really not worth responding to the bait. To all others, whether it is is serious security issue or not, it is a security issue. And his posting is a small part of the site traffic. Can't we just be calm and not get so carried away with the personal accusations? -- Karl DeBisschop <kdebisschop () alert infoplease com> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: morning_wood should stop posting xss vulns insites and fix his own site. mattmurphy () kc rr com (Jul 26)
- Re: morning_wood should stop posting xss vulns insites and fix his own site. Karl DeBisschop (Jul 27)