Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: F-Secure to release XSS "potential dangers"

From: xyberpix <xyberpix () xyberpix com>
Date: Fri, 28 Jul 2006 22:05:51 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



I have nothing against F-Secure reporting the bug, I only have
something against F-Secure supplying information on how to use an XSS
vulnerability properly in which to cause the most damage to the
Netscape web site.
Most books on Web Application hacking will freely give out this info and so wil most sites without having to look too far. 



If you read my post and the F-Secure blog properly, you'll see they
reported that the vulnerability wasn't exploited fully, and F-Secure
promised to publish information to show attackers how to do the job
properly.
Personally, I do think that this is the only way that major corps are going to see how bad things could be. 



Thanks for your attempt to wind me up, you almost succeeded.
On the one, from my side, you seem to have calmed downed a hell of a lot lately, and to be honest, I'm actually reading what you write these days, keep it up, it's great to see!
I am not trying to start another flame war here, personally I think that n3td3v has come a long way recently. 

xyberpix
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFEynwvjoyYcOmj6B8RAohRAJwNyFD6ZBL/t4KuIOcllPC+ZZyE7wCgpb44
zHuNu8LP8NpUrK+qO3XcyKE=
=lX6i
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: