Re: [Full-disclosure] F-Secure to release XSS "potential dangers"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I have nothing against F-Secure reporting the bug, I only have
> something against F-Secure supplying information on how to use an XSS
> vulnerability properly in which to cause the most damage to the
> Netscape web site.

Most books on Web Application hacking will freely give out this info  
and so wil most sites without having to look too far.


> If you read my post and the F-Secure blog properly, you'll see they
> reported that the vulnerability wasn't exploited fully, and F-Secure
> promised to publish information to show attackers how to do the job
> properly.

Personally, I do think that this is the only way that major corps are  
going to see how bad things could be.


> Thanks for your attempt to wind me up, you almost succeeded.

On the one, from my side, you seem to have calmed downed a hell of a  
lot lately, and to be honest, I'm actually reading what you write  
these days, keep it up, it's great to see!

I am not trying to start another flame war here, personally I think  
that n3td3v has come a long way recently.

xyberpix
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFEynwvjoyYcOmj6B8RAohRAJwNyFD6ZBL/t4KuIOcllPC+ZZyE7wCgpb44
zHuNu8LP8NpUrK+qO3XcyKE=
=lX6i
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/