[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] What the f*** is going on?

To: Pietro de Medici <piedemed@xxxxxxxxx>
Subject: Re: [Full-disclosure] What the f*** is going on?
From: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
Date: Tue, 22 Feb 2011 09:11:30 -0800

> I mean, if these are the security industry's geniuses, why, what would the
> writers of Stuxnet be?

...seriously?

> Disclosing how their epic story simply involved SQLi, well, what about the
> guys discovering 0days in native code?

Totally. I have long postulated that perl -e '{print "A"x1000}' is
considerably more l33t than <script>alert(1)</script> or ' OR '1' ==
'1.

I don't understand the point you are getting at. I think that the more
interesting aspect of this story are the egregious practices revealed
in that write-up (and elsewhere):

http://lcamtuf.blogspot.com/2011/02/world-of-hbgary.html

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] What the f*** is going on?
  - From: root
- Re: [Full-disclosure] What the f*** is going on?
  - From: Charles Morris
- Re: [Full-disclosure] What the f*** is going on?
  - From: jf

References:
- [Full-disclosure] What the f*** is going on?
  - From: Pietro de Medici

Prev by Date: [Full-disclosure] AppSec USA 2011
Next by Date: Re: [Full-disclosure] What the f*** is going on?
Previous by thread: [Full-disclosure] What the f*** is going on?
Next by thread: Re: [Full-disclosure] What the f*** is going on?
Index(es):
- Date
- Thread