Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] F-Secure to release XSS "potential dangers"

from [Dan B] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] F-Secure to release XSS "potential dangers"
Date: Thu, 27 Jul 2006 17:33:44 +0200 
Hi,

n3td3v wrote:

You missed the point of my post.

I have nothing against F-Secure reporting the bug, I only have
something against F-Secure supplying information on how to use an XSS
vulnerability properly in which to cause the most damage to the
Netscape web site.

F-Secure have not stated this in their posting to their weblog.



If you read my post and the F-Secure blog properly, you'll see they
reported that the vulnerability wasn't exploited fully, and F-Secure
promised to publish information to show attackers how to do the job
properly.

Incorrect. And I quote from
http://www.f-secure.com/weblog/archives/archive-072006.html#00000927

"We'll finish our draft with more on the potential dangers of XSS for
you soon."

This in no way states that they are going to release details of current
live XSS.


Thanks for your attempt to wind me up, you almost succeeded.

n3td3v


And if you take a look at:
http://www.f-secure.com/weblog/archives/archive-072006.html#00000930
They do exactly that... DISCUSS the risks/dangers, NOT the details.

You really should read peoples words more carefully before responding.

Cheers,
Dan.

PS. It's Thursday, nearly the weekend!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] [USN-326-1] heartbeat vulnerability, Martin Pitt
Next by Date:  [Full-disclosure] Bypassing Oracle dbms_assert, Alexander Kornbrust
Previous by Thread:  Re: [Full-disclosure] F-Secure to release XSS "potential dangers", n3td3v
Next by Thread:  Re: [Full-disclosure] F-Secure to release XSS "potential dangers", n3td3v
Indexes:  [Date] [Thread] [Top] [All Lists]