Re: XSS vulnerabilities in Google.com

["GroundZero Security" <fd () g-0 org>]

yes you are right, but its like if noone tells him what a stupid fag he is,
he will keep posting and posting his irrelevant crap and just ignore the tons of private
mail he receives. i'm sorry for adding to the noise, but its just too tempting.
i try to ignore it. but i cant promise i will, the last mail he sent just asks for a reply :P
but ok...must...resist.....
btw my name is not groundzero, thats my company :)

greetz
-sk
Http://www.groundzero-security.com

----- Original Message ----- 
From: "php0t" <php0t () zorro hu>
To: "'GroundZero Security'" <fd () g-0 org>
Sent: Wednesday, December 21, 2005 5:06 PM
Subject: RE: [Full-disclosure] XSS vulnerabilities in Google.com


>   hi, groundzero.
>
> I agree whole heartedly and the dood pisses me off too, just like
> everybody else.
>
>   On the other hand, seeing him repeat google/yahoo again and again all
> the time and seeing the obvious-to-come replies makes my email alert
> fuck the mp3's up I'm listening to too often.
>
>   My idea is this: how'bout each time the guy posts something
> ridiculous, all of us who are grasping our heads tearing our last pieces
> of hair out thniking to ourselves 'omfgwtfd00d' just write him a private
> email containing talk-to-the-hand or something? This would achieve two
> things: 1) less noise on the list 2) instead of being able to reply
> endlessly with bullcrap to the thread, he would just have to deal with
> nobody giving a fuck about him in public, still 10 emails saying 'I
> don't care' whenever he makes a post.
>
>   Tell me if you think this sucks, it's just an idea.
>
> Php0t
>
>
>
>
> -----Original Message-----
> From: full-disclosure-bounces () lists grok org uk
> [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of
> GroundZero Security
> Sent: Wednesday, December 21, 2005 4:54 PM
> To: n3td3v
> Cc: full-disclosure () lists grok org uk
> Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>
>
> google or yahoo, google or yahoo ..blah go find some real bugs noone is
> jealous of you, we just think 
> its redicilous how you try to show off with your non existing skills and
> reputation. you are the greatest lamer i'v seen on this list sofar. so
> instead of braging about how great you are, you should actually try and
> learn about security then soon you will realize that your xss shit is
> just pathetic and nothing to be proud of. you think finding some simple
> xss in a website such as yahoo or google makes you superior to everyone
> else here ? 99% of the people on this list are more skilled than you,
> thats fact! so stop trying to show off it wont work. code a double
> free() remote exploit, then i would agree that you have skill. until you
> do that shut the fuck up kiddie. when i started over 11 years ago, you
> couldnt even spell the word computer. so please you should finally
> realize that you are at the wrong place. i mean look around how many
> people complain about you beeing annoying. oh and if you couldnt figure
> it out by now, groundzero is my company you little moron. -sk
> ----- Original Message ----- 
> From: "n3td3v" <xploitable () gmail com>
> To: "GroundZero Security" <fd () g-0 org>;
> <full-disclosure () lists grok org uk>
> Sent: Wednesday, December 21, 2005 4:26 PM
> Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com
>
>
> > Your argument for having Google and Yahoo vulnerabilities (especially
> > XSS) banned from FD is very poor. GroundZero or whoever you may be. 
> > Please get off the list and stop disrespecting others who do disclose 
> > vulnerabilities in Google And Yahoo
> >
> > On 12/21/05, GroundZero Security <fd () g-0 org> wrote:
> > > > Sure, but "google != howardsblog.com". A large part of the 
> > > > population (including myself) relies on Google's various services 
> > > > for day-to-day use. I sure as hell would not feel comfortable 
> > > > knowing that I'm using a service that can potentially leak my 
> > > > information.
> > >
> > > i'm not talking about some shitty site that noone knows, but a lof 
> > > of big websites have such vulnerabilities.
> > >
> > > > That's quite a blanket statement to make. I'm sure a few people in
>
> > > > the "security community" would like to know that there exists a 
> > > > vulnerability in a Google service.
> > >
> > > yeah maybe but if we end up posting about every site that offers 
> > > services to users and has xss issues then this list would be 
> > > reciving a flood of mails :P its not hard to test for xss, so if you
>
> > > are really so afraid of it go test it yourself and notify the 
> > > website owner.
> > >
> > > > No. But a site need not be audited to discover a bug.
> > >
> > > ah ok so you think illegal activity is the way to go ?
> > > you cant just audit any site you want you know, but hey
> > > if you want to get a visit from the feds why dont you audit some 
> > > gov/mil i'm sure there are lots of xss to discover :P
> > >
> > > > XSS can do a lot of harm. A compromised administrator account is 
> > > > generally a compromised server. There are some good XSS resources 
> > > > on the web you can read up on.
> > >
> > > no as they dont rely on /etc/passwd users but have their own 
> > > database usually via mysql or so and a compromised admin user on 
> > > some webinterface isnt always going to end up in compromise of the 
> > > whole server unless the admin is stupid enough to use the same 
> > > passwords for root and the webbased software. in most cases this 
> > > will only end up in control of the web parts i.e. some forum. i 
> > > agree that this is a problem, but its still not resulting in root 
> > > access on the shell. oh and i dont have to read about it so keep 
> > > your sarcasm to yourself.
> > >
> > > > Then, my friend, you have discovered a bug.
> > >
> > > mhm sure, imagine you find a DoS in your precious google, then you 
> > > would take them down and you really belive they would thank you for 
> > > that ? you would be raided in no time. you think they would belive 
> > > you that you did it only for a good cause ? yeah right...
> > >
> > >
> > > > "There are 10 types of people. Those who understand binary, and 
> > > > those who don't."
> > >
> > > you dont...
> > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/