Re: Month of ActiveX Bug

[Felix von Leitner <felix-fulldisclosure () fefe de>]

>    Looks like this has turned into the Month of Officeocx bugs, since the
>    first 3 are components sold in that package.

>    <snore...>

So, where are you ActiveX bugs, then?  Ever found anything?  Ever?
I think you couldn't find your way out of your garage, but that's just
me.

Why don't you do a month of eweek bugs.  We won't limit you at all.  Any
bug counts.  Even XSS bugs in open source perl webmail apps.  Anything?
Do you have even ONE?

Didn't think so.

>    Larry Seltzer
>    eWEEK.com Security Center Editor
>    [1]http://security.eweek.com/
>    [2]http://blogs.eweek.com/cheap_hack/
>    Contributing Editor, PC Magazine
>    larryseltzer () ziffdavis com

Yeah, man, that is, like, an impressive .sig, man.
And your credentials are stunning.  Stunning!1!!

Overall, your whole work is breathtaking.  You just reported on
Symantec's "ThreatCon" level going down from 2 to 1.  Your mom must be
so proud of you.  It takes some serious training to do that.

And I can only imagine what a high point that /Gs idea of yours was,
particularly when someone pointed you to the public blog entry in
Michael Howard's blog that says they already have it.  Lesser people
would have googled before blogging, uh, writing a column about it, but
not you.

Have you ever done anything in your life that could explain even half
the ego you give us the privilege to be showered with here?

Felix

PS: Nothing personal, I hate all journalists who piss on other people's
bug finding efforts, but then make money reporting on said bugs.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/