
| Subject: | Re: [Full-disclosure] F-Secure to release XSS "potential dangers" |
|---|---|
| Date: | Thu, 27 Jul 2006 16:14:58 +0000 |
"We'll finish our draft with more on the potential dangers of XSS for you soon."
My translation:
No malicious code was used in the Netscape hack, but we'll release tips and code examples soon to show everyone how you can use the Netscape vulnerability to cause the maximum damage, since these guys only know how to write pop-up dialog alert scripts with childish messages so far.
I'm sure if they knew how to fully exploit the Netscape vulnerability, they would have done so, so we're just going to give them a helping hand by releasing a draft, with a carefully crafted title "potential dangers of XSS", we'll get away with it by calling it that.
People will just think we're trying to scare vendors into taking XSS more seriously, but really, the aim of our draft will be to aid malicious users who didn't know how dangerous XSS was, and that there's more to XSS than just popping-up funny alert messages, just don't tell anyone our true intentions, we want to sound responsible and professional, while helping attackers by proxy at the same time.
Remember, the bigger the attacks we can encourage, the more money we as F-Secure make. Any tactic to help attacks occur while on the surface looking responsible and professional, will help our profit and sell us more software.
It gets boring in the summer at F-Secure when all the hackers are on vacation and sitting out on beaches getting a sun tan, so the more we can provoke these kinds of attacks the better for our boredom as individual employees and the F-Secure brand as a whole.
Remember, without the bad guys with big hacks, we as F-Secure would have no reason to exist, so it makes sense for us to do everything legally possible to show people how to hack in the greatest possible way.
We'll release that potential dangers of XSS draft soon, stand by folks, our profit depends on it.
Please check out our software, it will by coincidence protect you against everything we'll be mentioning in our "Potential dangers of XSS" draft.
Stay safe folks, F-Secure is part of your security solution, and we're here to protect you.
Don't listen to n3td3v when he says we want to create security incidents for our software to fix, that kind of idea is unthinkable.
Check out our web site www.f-secure.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/