[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Google vulnerabilities with PoC
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Google vulnerabilities with PoC
- From: Alfredo Ortega <alfred@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 14 Mar 2014 15:54:14 -0300
Oh and this guy Shadown seems pretty knowledgeable too.
BTW now I have to read what is this about,lets see...
Alright, from TFA:
"That means that a door was open for anyone to upload any file of
choice. Whether this is a security vulnerability or not, I will leave
that to your discretion"
Not even you are sure this is a real vulnerability. It is not.
On 03/14/2014 03:36 PM, Alfredo Ortega wrote:
> Mario has years of experience (more than 10 in fact) in exploit writing
> and vulnerability assessment. I would consider his position on the subject.
>
> If you don't believe me, Argentina extended me certifications that
> proves that I can tell who has vulnerability assesment skills and who
> does not.
>
> If you don't believe in Argentina, you should know the ONU accepts it as
> a sovereign independent country.
>
> That is the complete certificate chain proving you that Mario is not an
> idiot as you inferred.
>
> Best regards,
>
> Alfred
>
>
> On 03/14/2014 10:50 AM, Sergio 'shadown' Alvarez wrote:
>> Dear Nicholas Lemonias,
>>
>> I don't use to get in these scrapy discussions, but yeah you are in a
>> completetly different level if you compare yourself with Mario.
>> You are definitely a Web app/metasploit-user guy and pick up a discussion
>> with a binary and memory corruption ninja exploit writter like Mario. You
>> should know your place and shut up. Period.
>>
>> Btw, if you dare discussing with a beast like lcamtuf, you are definitely
>> out of your mind.
>>
>> Cheers,
>> Sergio.
>> -- Sergio
>>
>> On Mar 14, 2014, "Nicholas Lemonias." <lem.nikolas@xxxxxxxxxxxxxx> wrote:
>>> We are on a different level perhaps. We do certainly disagree on those
>>> points.
>>> I wouldn't hire you as a consultant, if you can't tell if that is a
>>> valid
>>> vulnerability..
>>>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/