Full Disclosure mailing list archives
pissed off
From: cyn0n () myrealbox com
Date: Thu, 24 Apr 2003 23:36:22 -0500
greets-

Is anyone else pissed off at stupid shit like this flying around lists that are supposed to be respectable? Arguing over this type of stuff and even reporting this is just the most stupid fucking thing I've ever seen. Why is there such an emergence of stupid 'professionals' that wish they knew a thing about security and try to prove it by posting to lists to gain fame for their worthless capitalistic tendencies in security? There have been arguments that there is some good to having people like this so that the public image is maintained but look at the news--the public still doesn't like people who are smarter than them concerning computers/networks/security.

I'll be the first one to evangelize full-disclosure and open-source and all that good stuff but there is an inherent problem with people like this and we must find a way to remove them from our scene. I'd propose the first and easy way is to set up another new mailing list dedicated to not producing crap in our mailboxes that we have to define another rule for deletion of. Of course wasn't this full-disclosure's intentions in the first place? There exist private unknown lists that stay semi-true to these goals but they are all very small in circulation and don't garner enough of the support that is needed to build and grow our scene. Then of course you have irc/ircs but not all of us have enough time to fuck around and idle when more important stuff like research and coding (holy shit! hackers code?!!) and keeping a job exist. Anyone have any ideas on what to do with this?

Now to ward off stupid people that type faster than they think:

1) Following the old security adage I'm labeling everyone that might think I'm talking about them a 'stupid shit' unless they can prove otherwise. Basically don't take offense that easily if you disagree with what I've said above regarding the material that is frequently on the list.

2) There are not too many worthwhile security companies/'groups' out there. Therefore I tend to generalize and stereotype the rest of you. If you are an exception to this my apologies.

3) If you are sending a flame or non-constructive comments at least have the decency to forward them to me privately instead of creating more spam. I'd of course prefer if you just calmed down and thought for a second.

pissed off,
cyn0n

On Wed, Apr 23, 2003 at 02:30:14PM -0400, badpack3t wrote:
Tamer,

You may want to correct yourself. You discovered http://target/% on an OLD (Xeneo 2.1.0.0 (PHP version) and 2.0.759.6 are vulnerable.) version. I found a different bug in their latest version (which was 2.2.9.0. at the time) by requesting a GET / with 4096 ?'s. Now how would this be the same as you released? Care to explain?

---------------------------
-badpack3t
www.security-protocols.com
---------------------------

Hi Folks,

I contributed the vulnerability about Xeneo Webserver, mentioned below, to iDefense on 4th, November 2002. All rights on this vulnerability belong to me and iDefense.

Craps,
http://lists.netsys.com/pipermail/full-disclosure/2003-April/009371.html
http://lists.netsys.com/pipermail/full-disclosure/2003-April/009386.html

My Advisories at iDefense,
http://www.idefense.com/advisory/11.04.02b.txt

Please, without searching well, do not publish these kind of advisories.

Cheers,
Tamer Sahin
http://www.securityoffice.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html