On 7/26/06, c0ntex <c0ntexb@xxxxxxxxx> wrote:
On 26/07/06, n3td3v <xploitable@xxxxxxxxx> wrote: > F-Secure know the enemy of the Netscape web site are reading their blog: I see you notice that f-secure, a security company, have released information about a security bug - well spotted - next, you thoughtlessly share your opinion and disgust about said site advertising said information, then work a form of magic that surpasses even Harry Potters book of wizardry by sending /to a public mailing list/ a link to the same information. You then execute ./mounth -vv, apposed to the earlier ./mouth -v, providing a nice write-up about the bug, netscape and security for search bots to index. Netscape is d00med!! and it is all n3td3v's fault lol -- regards c0ntex
You missed the point of my post. I have nothing against F-Secure reporting the bug, I only have something against F-Secure supplying information on how to use an XSS vulnerability properly in which to cause the most damage to the Netscape web site. If you read my post and the F-Secure blog properly, you'll see they reported that the vulnerability wasn't exploited fully, and F-Secure promised to publish information to show attackers how to do the job properly. Thanks for your attempt to wind me up, you almost succeeded. n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/