[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] F-Secure to release XSS "potential dangers"
- To: n3td3v <xploitable@xxxxxxxxx>
- Subject: Re: [Full-disclosure] F-Secure to release XSS "potential dangers"
- From: xyberpix <xyberpix@xxxxxxxxxxxx>
- Date: Fri, 28 Jul 2006 22:05:51 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have nothing against F-Secure reporting the bug, I only have
something against F-Secure supplying information on how to use an XSS
vulnerability properly in which to cause the most damage to the
Netscape web site.
Most books on Web Application hacking will freely give out this info
and so wil most sites without having to look too far.
If you read my post and the F-Secure blog properly, you'll see they
reported that the vulnerability wasn't exploited fully, and F-Secure
promised to publish information to show attackers how to do the job
properly.
Personally, I do think that this is the only way that major corps are
going to see how bad things could be.
Thanks for your attempt to wind me up, you almost succeeded.
On the one, from my side, you seem to have calmed downed a hell of a
lot lately, and to be honest, I'm actually reading what you write
these days, keep it up, it's great to see!
I am not trying to start another flame war here, personally I think
that n3td3v has come a long way recently.
xyberpix
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iD8DBQFEynwvjoyYcOmj6B8RAohRAJwNyFD6ZBL/t4KuIOcllPC+ZZyE7wCgpb44
zHuNu8LP8NpUrK+qO3XcyKE=
=lX6i
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/