Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Posting w/o checking facts

from [Harry Hoffman] Network Security [Permanent Link]
Subject: [Full-Disclosure] Posting w/o checking facts
Date: Mon, 25 Oct 2004 23:43:39 -0400 
Hi,

Ok, I didn't think this needed to be said but why the hell are ppl posting exploits without doing any actual testing?

WTF is up with that. Umm, ok I can say that XYZ is a problem cause it "looks like it may be one".

NO, YOU CAN'T!!!! Or rather you can but then when everyone says your name while trying to hold back a snicker don't seem surprised.

If you think something is a problem then test it! If you can't test it than say so *clearly* in your post.

Making wild claims that a users' session can be hijacked or that you can force your way into the xyz system without testing makes you sound stupid (usually with good reason).

There have been at least three posts within the past couple of weeks that make claims that are questionable at best and certainly don't come with proof (or even anything that might closely resemble anything near proof).

My $0.02 cents (and I'm sure others will share one way or another) ;-)

--Harry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] Posting w/o checking facts, Harry Hoffman <=
Previous by Date:  RE: Critical Vulnerability in Altiris Deployment Server architecture, Brooks, Shane
Next by Date:  Two Vulnerabilities in OpenWFE Web Client, Joxean Koret
Previous by Thread:  [CLA-2004:878] Conectiva Security Announcement - zlib, Conectiva Updates
Next by Thread:  Two Vulnerabilities in OpenWFE Web Client, Joxean Koret
Indexes:  [Date] [Thread] [Top] [All Lists]