Full Disclosure mailing list archives
Re: F-Secure to release XSS "potential dangers"
From: xyberpix <xyberpix () xyberpix com>
Date: Fri, 28 Jul 2006 22:05:51 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I have nothing against F-Secure reporting the bug, I only have something against F-Secure supplying information on how to use an XSS vulnerability properly in which to cause the most damage to the Netscape web site.
Most books on Web Application hacking will freely give out this info and so wil most sites without having to look too far.
If you read my post and the F-Secure blog properly, you'll see they reported that the vulnerability wasn't exploited fully, and F-Secure promised to publish information to show attackers how to do the job properly.
Personally, I do think that this is the only way that major corps are going to see how bad things could be.
Thanks for your attempt to wind me up, you almost succeeded.
On the one, from my side, you seem to have calmed downed a hell of a lot lately, and to be honest, I'm actually reading what you write these days, keep it up, it's great to see!
I am not trying to start another flame war here, personally I think that n3td3v has come a long way recently.
xyberpix -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFEynwvjoyYcOmj6B8RAohRAJwNyFD6ZBL/t4KuIOcllPC+ZZyE7wCgpb44 zHuNu8LP8NpUrK+qO3XcyKE= =lX6i -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- F-Secure to release XSS "potential dangers" n3td3v (Jul 26)
- Re: F-Secure to release XSS "potential dangers" c0ntex (Jul 26)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- Re: F-Secure to release XSS "potential dangers" Dan B (Jul 27)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- Re: F-Secure to release XSS "potential dangers" xyberpix (Jul 28)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- Re: F-Secure to release XSS "potential dangers" c0ntex (Jul 26)
- Re: F-Secure to release XSS "potential dangers" Valdis . Kletnieks (Jul 26)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- Re: F-Secure to release XSS "potential dangers" c0ntex (Jul 27)
- RE: [lists] Re: F-Secure to release XSS "potential dangers" Curt Purdy (Jul 28)
- Re: F-Secure to release XSS "potential dangers" n3td3v (Jul 27)
- <Possible follow-ups>
- Re: F-Secure to release XSS "potential dangers" Mike M (Jul 26)