Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
RE: Informing Companies about security vulnerabilities...

From: alan (alanclueserver.org)
Date: Thu Oct 05 2006 - 12:54:28 CDT

On Thu, 5 Oct 2006, Michael Scheidell wrote:

>> -----Original Message-----
>> From: listbouncesecurityfocus.com
>> [mailto:listbouncesecurityfocus.com] On Behalf Of Joseph McCray
>> Sent: Wednesday, October 04, 2006 3:07 AM
>> To: pen-testsecurityfocus.com
>> Subject: Informing Companies about security vulnerabilities...
>> This probably won't sound like that big of a deal, but it
>> still bothered me so I figured I'd ask the list. I was
>> teaching a Web Application Security class last week and we
>> were performing simple XXS, SQL Injection, etc on the
>> vulnerable web apps I use for class.
> So, what's the pool up to now? I have $50 on two weeks before the FBI
> closes down the school, takes all the computers in the school, executes
> a search warrant for every students computer, and the bright boy
> teaching the class spends thousands of dollars trying to explain to a
> Judge (that reads the newspaper about hacks on banks) that what he did
> was not hacking.

I have the same bet on this list. ]:>

"Oh, Joel Miller, you've just found the marble in the oatmeal. You're a
lucky, lucky, lucky little boy. 'Cause you know why? You get to drink
from... the FIRE HOOOOOSE!"
         - The Stanley Spudoski guide to mailing list administration

This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.