Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-disclosure] F-Secure to release XSS "potential dangers"
From: Dan B (dan-fdf-box.org)
Date: Thu Jul 27 2006 - 10:33:44 CDT
> You missed the point of my post.
> I have nothing against F-Secure reporting the bug, I only have
> something against F-Secure supplying information on how to use an XSS
> vulnerability properly in which to cause the most damage to the
> Netscape web site.
F-Secure have not stated this in their posting to their weblog.
> If you read my post and the F-Secure blog properly, you'll see they
> reported that the vulnerability wasn't exploited fully, and F-Secure
> promised to publish information to show attackers how to do the job
Incorrect. And I quote from
"We'll finish our draft with more on the potential dangers of XSS for
This in no way states that they are going to release details of current
> Thanks for your attempt to wind me up, you almost succeeded.
And if you take a look at:
They do exactly that... DISCUSS the risks/dangers, NOT the details.
You really should read peoples words more carefully before responding.
PS. It's Thursday, nearly the weekend!
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/