[Full-disclosure] Re: F-Secure to release XSS "potential dangers"

[Mike M]

Drama queen

From: n3td3v <xploitable at gmail.com>
> Subject: [Full-disclosure] F-Secure to release XSS "potential dangers"
> To: n3td3v <n3td3v at googlegroups.com>
> Cc: full-disclosure at lists.grok.org.uk
> Message-ID:
>         <4b6ee9310607261206o7f502179r96998366f9959997 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> [snip]Fortunately no one has tried to inject malcious code... yet.
>
> We'll finish our draft with more on the potential dangers of XSS for
> you soon.[/snip]
>
> See:
>
> http://www.f-secure.com/weblog/
>
> It is a blog entry titled "Netscape hacked".
>
> F-Secure to encourage Digg script kiddies to hack Netscape properly?
>
> This is highly irresponsible of F-Secure and they should be held
> legally responsible if the information they release in relation to
> their "Netscape hacked" blog entry is used maliciously.
>
> F-Secure know the enemy of the Netscape web site are reading their blog:
>
> See:
>
> http://www.digg.com/tech_news/Netscape_com_HACKED_2
>
> Yet, F-Secure are going to release XSS information anyway, to better
> assist those would-be Digg script kids who want to bring harm to the
> Netscape, Digg styled web site.
>
> The only potential danger will be caused by F-Secure, if they go ahead
> and release the XSS information they promise to release, in the
> context of Netscape being hacked. It is the wrong context in which to
> be talking about releasing malicious XSS code examples. F-Secure will
> be F-Secure I guess though. Time for important people in the security
> industry to back me up on this one.
>
> Thanks,
>
> n3td3v
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060727/f7521303/attachment.html