Re: [Full-disclosure] Re: Google is vulnerable from XSS attack
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Re: Google is vulnerable from XSS attack
- From: "sk / GroundZero" <fd-list@xxxxxxx>
- Date: Fri, 9 Dec 2005 17:28:42 +0100
> Guys, don't be haters. n3td3v found a CRITICAL HOLE in one of the
> world's biggest online products. He may not be the most popular face on
> this list, but his reputation stands firm. And now he's proven
> himself. You can't argue with that. It's solid. Those of you casting
> disparagements need to look carefully in the mirror and consider what
> you have contributed to this list. Have you found any XSS holes? Have
> you found any SQL holes? You'd be lucky to find your own pie holes. No?
> What? You've found no SQL injections? You're not a haxer. Sitting on
> this list riding on the backs of real researchers like our man here.

i found various holes over the years, some have been made public and some
stay undisclosed.
i wrote exploits for local/remote buffer overflows, format strings, integer
overflows etc.
hell, even bss segment overflows, but that's rather PoC as i never really
spotted them "in-the-wild".
anyhow, it's not that i want to show off or anything, i just want to tell
you that i know what i'm talking about. i don't sit here and post just
because i have nothing better to do, but it's annoying me to see some kid
act like he is the best security researcher ever, just because he found some
LAME XSS flaw.
well, most people tend to just ignore such trolls, but if no one tells him
how stupid he is, he will continue to annoy us with his stupid postings.
also it's not hard at all to spot XSS or SQL injection bugs. that is the
most basic auditing.
i have yet to see any useful code from him. finding sql injection bugs
doesn't require you to be a hacker.

> It's indisputable. He has proven contacts, a proven track record, and
> an ever growing war belt with TINY SHRUNKEN HEADS of the biggest
> companies today hanging from it. Google. Yahoo. IBM. Linux.

ok, either you are a good friend of his or you are just n3td3v under an
anonymous handle.
i believe you are n3td3v, but ok, let's say you aren't, then you need to
crawl out of his ass and stfu, since judging by your comments you aren't
much into security at all.
oh and by the way, LINUX isn't a company :P

> The fellow may be lacking in personal skills, but most eccentric high
> flyers seem to share that trait. Einstein couldn't hold a marriage. Or
> like da Vinci and his oftentimes hard relationships with his young
> assistants. Nikola Tesla held groundbreaking ideas but was
> discredited by two-bit hacks shouting him down from the sidelines. Hmm
> does that sound familiar? Yeah, without researchers like n3td3v
> working on these things, the whole system would just be falling apart
> all willynilly.

yeah, real security professionals who actually work hard to find new
techniques take hours of work to write an exploit for a double free() and
not some stupid xss flaws. sure, xss can be a security risk, but most of the
time it's nothing and all low risk.
many people even filter out XSS postings. there is no hard work needed to
find an xss flaw at all.

> So I think it's time to start acting like
> professionals. You want some cred, you've got to plug some holes. And
> then keep on plugging some more, even after you think they're
> completely plugged. Like MC Hammer did.

shut up n3td3v (clone)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/