WebApp Sec mailing list archives
Re: New Web Vulnerability - Cross-Site Tracing
From: Jeremiah Grossman <jeremiah () whitehatsec com>
Date: 22 Jan 2003 18:49:46 -0800
On Wed, 2003-01-22 at 18:28, Tim Greer wrote:
Well being a security expert in the field I can hardly comment on specifics but yes... it does happen. Often? Whats Often?Being a security expert? Well, I don't want to get personal, and it's been a few years since I've seen what you're doing lately, but it's only been a few years and I don't want to get into it and explain my doubts about you suddenly becoming a 'security expert' since that time. Just claiming to be a leading expert in this field doesn't make it factual, nor that you are more qualified than other people that are in this field. Your article is hyped up nonsense and anymore of these XSS issues being hyped up, I'm going to friggin' loose it.
Tim, its been a long time. Good to see you to.
<snip the rest of the nonsense> Really, nothing personal, but this is ridiculous. However, I don't intend to debate or argue on the list about this, so I'll end on that note. If you believe what you say in your article, you should go an example this in a real-world environment and who us all how 'frightening' this is. :-)
Well thats good, I dont intend to argue silly points either. Idea is simply present security results as we understand them. So did you have questions about the theory presented? About whom is using XST in the wild? I havent seen it used in the wild yet personally. So I cant say that it is or isnt. I just dont know. I would hope it wont be. But thats kinda besides the tech and understanding of the potential. We can get technical and I can answer whatever questions you have. Let me know where your getting lost and I'll help ya out.
Current thread:
- Re: New Web Vulnerability - Cross-Site Tracing xss-is-lame (Jan 22)
- Re: New Web Vulnerability - Cross-Site Tracing Jeremiah Grossman (Jan 22)
- <Possible follow-ups>
- Re: New Web Vulnerability - Cross-Site Tracing xss-is-lame (Jan 22)
- Message not available
- Message not available
- Re: New Web Vulnerability - Cross-Site Tracing Jeremiah Grossman (Jan 22)
- Message not available
- Re: New Web Vulnerability - Cross-Site Tracing xss-is-lame (Jan 23)