Full Disclosure mailing list archives
Re: F-Secure to release XSS "potential dangers"
From: n3td3v <xploitable () gmail com>
Date: Thu, 27 Jul 2006 16:14:58 +0000
On 7/27/06, Dan B <dan-fd () f-box org> wrote:
"We'll finish our draft with more on the potential dangers of XSS for you soon."
. My translation: No malicious code was used in the Netscape hack, but we'll release tips and code examples soon to show everyone how you can use the Netscape vulnerability to cause the maximum damage, since these guys only know how to write pop-up dialog alert scripts with childish messages so far. I'm sure if they knew how to fully exploit the Netscape vulnerability, they would have done so, so we're just going to give them a helping hand by releasing a draft, with a carefully crafted title "potential dangers of XSS", we'll get away with it by calling it that. People will just think we're trying to scare vendors into taking XSS more seriously, but really, the aim of our draft will be to aid malicious users who didn't know how dangerous XSS was, and that theres more to XSS than just popping-up funny alert messages, just don't tell anyone our true intentions, we want to sound responsible and professional, while helping attackers by proxy at the same time. Remember, the bigger the attacks we can encourage, the more money we as F-Secure make. Any tactic to help attacks occur while on the surface looking responsible and professional, will help our profit and sell us more software. It gets boring in the summer at F-Secure when all the hackers are on vacation and sitting out on beaches getting a sun tan, so the more we can provoke these kind of attacks the better for our boredom as individual employees and the F-Secure brand as a whole. Remember, without the badguys with big hacks, we as F-Secure would have no reason to exist, so it makes since for us to do everything legally possible to show people how to hack in the greatest possible way. We'll release that potential dangers of XSS draft soon, stand by folks, our profit depends on it. Please check out our software, it will by coincidence protect you against everything we'll be mentioning in our "Potential dangers of XSS" draft. Stay safe folks, F-Secure is part of your security solution, and we're here to protect you. Don't listen to n3td3v when he says we want to create security incidents for our software to fix, that kind of idea is unthinkable. Check out our web site www.f-secure.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- F-Secure to release XSS "potential dangers" n3td3v (Jul 26)
- Re: F-Secure to release XSS "potential dangers" c0ntex (Jul 26)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- Re: F-Secure to release XSS "potential dangers" Dan B (Jul 27)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- Re: F-Secure to release XSS "potential dangers" xyberpix (Jul 28)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- Re: F-Secure to release XSS "potential dangers" c0ntex (Jul 26)
- Re: F-Secure to release XSS "potential dangers" Valdis . Kletnieks (Jul 26)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- Re: F-Secure to release XSS "potential dangers" c0ntex (Jul 27)
- RE: [lists] Re: F-Secure to release XSS "potential dangers" Curt Purdy (Jul 28)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- <Possible follow-ups>
- Re: F-Secure to release XSS "potential dangers" Mike M (Jul 26)