|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: root (root_
fibertel.com.ar)
Date: Tue Feb 22 2011 - 14:21:51 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 02/22/2011 02:11 PM, Michal Zalewski wrote:
>> I mean, if these are the security industry's geniuses, why, what would the
>> writers of Stuxnet be?
>
> ...seriously?
>
>> Disclosing how their epic story simply involved SQLi, well, what about the
>> guys discovering 0days in native code?
>
> Totally. I have long postulated that perl -e '{print "A"x1000}' is
> considerably more l33t than <script>alert(1)</script> or ' OR '1' ==
> '1.
>
> I don't understand the point you are getting at. I think that the more
> interesting aspect of this story are the egregious practices revealed
> in that write-up (and elsewhere):
>
> http://lcamtuf.blogspot.com/2011/02/world-of-hbgary.html
>
> /mz
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
I know many of you web people feel bad about it, but the truth it that
you don't automatically execute stuff with perl -e '{print "A"x1000}'
IMHO it really is considerably more l33t.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]