Full Disclosure mailing list archives
Of course you guys support full-disclosure
From: full-disclosure () lists netsys com (Rain Forest Puppy)
Date: Tue, 27 Aug 2002 14:28:14 +0000 (GMT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> "rfp the ripper" refers to the recent Novell advisory that accredits RFP with the discovery of a technique that, prima facie, was dropped by some ~el8 sympathizer in a rant on this list in order to point out what he/she/it considered a technical blunder on the part of RFP and other prominent whitehat web security figures. He/she/it alluded to the Phrack article wherein RFP made the blunder. If the vulnerability is related to the little useless bread crumb dropped by said poster, which some say is, then in all respects the technique was "ripped". Now I'm sure the poster is not suffering any degree of agony over this small incident, but it is still an amusing reflection of a larger pattern that has seen whitehats "leeching" and standing on the shoulders of higher beings...

Well, I'm honored that you'd care so much to make some public statement about me, but lemme let you in on a few secrets:

- - That Novell bug was sent to them in June. This list was created in July. Thus a bit tough for me to rip something said on this list.

- - That ~el8 sympathizer got it wrong. It was not a blunder, and it still holds true:

The Phrack article discusses how to pass parameters to a program exec'd *FROM WITHIN* a CGI. You can not pass POST parameters (STDIN) to these applications because the parent CGI reads in and parses STDIN before the sub-application is executed. The ~el8 sympathizer was talking about executing the CGI itself. Two different things.

Perhaps you and the ~el8 sympathizer should go back and reread the article. And if you have questions in understanding it, please, feel free to email me.

- - rfp

-----BEGIN PGP SIGNATURE-----
Comment: Public key at http://www.wiretrip.net/rfp/gpg-key.txt

iD8DBQE9a4Ck8z6qql3x7WgRAjmIAJ40iOsDGzsoNs9flnIxnyaDwN8W8ACeJOur
JanggeGY1WxcQXkWo9GmKWk=
=0+l5
-----END PGP SIGNATURE-----
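
The STDIN behaviour described in the message above, as an added example that is not part of the original post or of the Phrack article: a constructed stand-in for a parent CGI reads and parses the POST body, then runs a sub-program that inherits the same STDIN. The names parent_cgi, CHILD and demo, the form fields and the QUERY_STRING value are all hypothetical.

```python
import json
import os
import subprocess
import sys
from urllib.parse import parse_qs

# Constructed sub-program: reports what it can still see on stdin, in its
# environment and in its argument list.
CHILD = (
    "import json, os, sys\n"
    "print(json.dumps({'stdin': sys.stdin.read(),\n"
    "                  'query_string': os.environ.get('QUERY_STRING'),\n"
    "                  'argv': sys.argv[1:]}))\n"
)

def parent_cgi(stdin_file, env):
    """Hypothetical parent CGI: consume the POST body, then run a child."""
    length = int(env.get("CONTENT_LENGTH", "0"))
    form = parse_qs(stdin_file.read(length).decode())  # STDIN is drained here
    child = subprocess.run(
        [sys.executable, "-c", CHILD, *form.get("arg", [])],  # list form, no shell
        stdin=stdin_file,          # child inherits the already-drained descriptor
        env=env,                   # CGI environment is inherited as-is
        capture_output=True, text=True, check=True,
    )
    return form, json.loads(child.stdout)

def demo():
    body = b"arg=report&secret=from-post"   # constructed POST body
    r, w = os.pipe()                          # stands in for the web server's pipe
    os.write(w, body)
    os.close(w)
    env = {**os.environ, "REQUEST_METHOD": "POST",
           "CONTENT_LENGTH": str(len(body)), "QUERY_STRING": "id=7"}
    with os.fdopen(r, "rb") as stdin_file:
        return parent_cgi(stdin_file, env)

if __name__ == "__main__":
    form, child_view = demo()
    print("parent parsed:", form)
    print("child saw:   ", child_view)
```

The child reads an empty STDIN; the only request data that reaches it is what the parent hands over in the argument list or leaves in the environment.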