[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] What the f*** is going on?
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] What the f*** is going on?
- From: root <root_@xxxxxxxxxxxxxxx>
- Date: Tue, 22 Feb 2011 17:21:51 -0300
On 02/22/2011 02:11 PM, Michal Zalewski wrote:
>> I mean, if these are the security industry's geniuses, why, what would the
>> writers of Stuxnet be?
>
> ...seriously?
>
>> Disclosing how their epic story simply involved SQLi, well, what about the
>> guys discovering 0days in native code?
>
> Totally. I have long postulated that perl -e '{print "A"x1000}' is
> considerably more l33t than <script>alert(1)</script> or ' OR '1' ==
> '1.
>
> I don't understand the point you are getting at. I think that the more
> interesting aspect of this story are the egregious practices revealed
> in that write-up (and elsewhere):
>
> http://lcamtuf.blogspot.com/2011/02/world-of-hbgary.html
>
> /mz
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
I know many of you web people feel bad about it, but the truth it that
you don't automatically execute stuff with perl -e '{print "A"x1000}'
IMHO it really is considerably more l33t.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/