n3td3v wrote:
> I'm not anti corporate. I'm anti people working within them making bad
> security choices, like Yahoo do. I'm anti Secunia, as they host FD,
> only because of the footer URL. If there was no footer URL, they
> wouldn't even have thought about hosting FD.

Try and get causality the right way round in time. If they hadn't thought
about hosting FD, there would be no footer URL. Because there would be no
FD.

>> You're slighting Secunia. At least Secunia does SOME original
>> research.
>
> Show me their original research. The list on their website is claimed
> to be, but isn't.

Secunia original advisories: taken from
http://secunia.com/secunia_research/, and not from the main advisory list,
where they are intermingled with all the non-Secunia advisories that they
archive.

Secunia Research - 2006

2006-22 Blazix Web Server JSP Source Code Disclosure Vulnerability
2006-21 AN HTTPD Script Source Disclosure Vulnerability
2006-20 Northern Solutions - RESERVED - Pending Disclosure
2006-19 Quick 'n Easy/Baby Web Server ASP Code Disclosure Vulnerability
2006-18 New Atlanta Communications - RESERVED - Pending Disclosure
2006-17 NOD32 Scheduled Scan Privilege Escalation Vulnerability
2006-16 unalz Filename Handling Directory Traversal Vulnerability
2006-15 RaidenHTTPD Script Source Disclosure Vulnerability
2006-14 Deerfield.com - RESERVED - Pending Disclosure
2006-13 Dwarf HTTP Server Source Disclosure and Cross-Site Scripting
2006-12 IceWarp - RESERVED - Pending Disclosure
2006-11 Orion Application Server JSP Source Disclosure Vulnerability
2006-10 NetworkActiv Web Server Script Source Disclosure Vulnerability
2006-9 Lighttpd Script Source Disclosure Vulnerability
2006-8 America Online - RESERVED - Pending Disclosure
2006-7 Microsoft Internet Explorer "createTextRange()" Code Execution
2006-6 ArGoSoft Mail Server Pro viewheaders Script Insertion
2006-5 NJStar Word Processor Font Name Buffer Overflow
2006-4 Macallan Mail Solution IMAP Commands Directory Traversal
2006-3 NeoMail neomail-prefs.pl Missing Session ID Validation
2006-2 @Mail Webmail Attachment Upload Directory Traversal
2006-1 E-Post Mail Server Products Multiple Vulnerabilities

Secunia Research - 2005

2005-68 Adobe Document Server for Reader Extensions Multiple Vulnerabilities
2005-67 WinACE ARJ Archive Handling Buffer Overflow
2005-66 Verity Keyview SDK Multiple Vulnerabilities
2005-65 Visnetic AntiVirus Plug-in for MailServer Privilege Escalation
2005-64 ADOdb Insecure Test Scripts Security Issues
2005-63 TUGZip ARJ Archive Handling Buffer Overflow Vulnerability
2005-62 IceWarp Web Mail Multiple File Inclusion Vulnerabilities
2005-61 Pegasus Mail Buffer Overflow and Off-by-One Vulnerabilities
2005-60 SpeedProject Products ZIP/UUE File Extraction Buffer Overflow
2005-59 MailEnable Buffer Overflow and Directory Traversal Vulnerabilities
2005-58 Winmail Server Multiple Vulnerabilities
2005-57 Opera Command Line URL Shell Command Injection
2005-56 cPanel Entropy Chat Script Insertion Vulnerability
2005-55 ATutor Multiple Vulnerabilities
2005-54 ZipGenius Multiple Archive Handling Buffer Overflow
2005-53 WinRAR Format String and Buffer Overflow Vulnerabilities
2005-52 PHP-Fusion Two SQL Injection Vulnerabilities
2005-51 MySource Cross-Site Scripting and File Inclusion Vulnerabilities
2005-50 PowerArchiver ACE/ARJ Archive Handling Buffer Overflow
2005-49 ALZip Multiple Archive Handling Buffer Overflow
2005-48 AhnLab V3 Antivirus ALZ/UUE/XXE Archive Handling Buffer Overflow
2005-47 HAURI Anti-Virus ALZ Archive Handling Buffer Overflow
2005-46 Mantis "t_core_path" File Inclusion Vulnerability
2005-45 7-Zip ARJ Archive Handling Buffer Overflow
2005-44 SqWebMail Conditional Comments Script Insertion Vulnerability
2005-43 AVIRA Antivirus ACE Archive Handling Buffer Overflow
2005-42 Opera Mail Client Attachment Spoofing and Script Insertion
2005-41 ALZip ACE Archive Handling Buffer Overflow
2005-40 NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow
2005-39 SqWebMail HTML Emails Script Insertion Vulnerability
2005-38 IBM Lotus Domino iNotes Client Script Insertion Vulnerabilities
2005-37 Lotus Notes ZIP File Handling Buffer Overflow
2005-36 Lotus Notes UUE File Handling Buffer Overflow
2005-35 SqWebMail Attached File Script Insertion Vulnerability
2005-34 Lotus Notes TAR Reader File Extraction Buffer Overflow
2005-33 HAURI Anti-Virus ACE Archive Handling Buffer Overflow
2005-32 Lotus Notes HTML Speed Reader Link Buffer Overflows
2005-31 NetworkActiv Web Server Cross-Site Scripting Vulnerability
2005-30 Lotus Notes Multiple Archive Handling Directory Traversal
2005-29 IBM - RESERVED - Pending Disclosure
2005-28 Adobe Document/Graphics Server File URI Resource Access
2005-27 MDaemon Content Filter Directory Traversal Vulnerability
2005-26 Gossamer Threads Links Script Insertion Vulnerabilities
2005-25 Opera Download Dialog Spoofing Vulnerability
2005-24 HAURI Anti-Virus Compressed Archive Directory Traversal
2005-23 Novell NetMail NMAP Agent "USER" Buffer Overflow Vulnerability
2005-22 Mozilla Thunderbird Attachment Spoofing Vulnerability
2005-21 Internet Explorer Suppressed "Download Dialog" Vulnerability
2005-20 avast! Antivirus ACE File Handling Two Vulnerabilities
2005-19 Opera Suppressed "Download Dialog" Vulnerability
2005-18 Opera Image Dragging Vulnerability
2005-17 Ahnlab V3 Antivirus Multiple Vulnerabilities
2005-16 Netscape Property Manipulation Cross-Site Scripting
2005-15 Mozilla / Firefox Property Manipulation Cross-Site Scripting
2005-14 WhatsUp Small Business Report Service Directory Traversal
2005-13 WhatsUp Professional "Login.asp" SQL Injection
2005-12 Safari Dialog Origin Spoofing Vulnerability
2005-11 Mozilla Products Dialog Origin Spoofing Vulnerability
2005-10 Webroot Desktop Firewall Two Vulnerabilities
2005-9 Microsoft Internet Explorer Dialog Origin Spoofing Vulnerability
2005-8 Opera Dialog Origin Spoofing Vulnerability
2005-7 Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability
2005-6 Adobe Reader for Linux Insecure Temporary File Creation
2005-5 Opera "javascript:" URLs Cross-Site Scripting
2005-4 Opera 8 XMLHttpRequest Security Bypass
2005-3 Mathopd Insecure Dump File Creation Vulnerability
2005-2 Yahoo! Messenger File Transfer Filename Spoofing
2005-1 Konqueror Download Dialog Source Spoofing

Secunia Research - 2004

2004-21 Mozilla / Firefox "Save Link As" Download Dialog Spoofing
2004-20 My Firewall Plus Arbitrary File Corruption Vulnerability
2004-19 Opera Download Dialog Spoofing Vulnerability
2004-18 MercuryBoard "title" Script Insertion Vulnerability
2004-17 Ansel "image" SQL Injection and Script Insertion Vulnerabilities
2004-16 My Firewall Plus Privilege Escalation Vulnerability
2004-15 Mozilla / Mozilla Firefox Download Dialog Source Spoofing
2004-14 Spy Sweeper Enterprise Client Privilege Escalation
2004-13 Multiple Browsers Window Injection Vulnerability
2004-12 Microsoft Internet Explorer "createControlRange()" Memory Corruption
2004-11 Mozilla Firefox Download Dialog Spoofing Vulnerabilities
2004-10 Multiple Browsers Tabbed Browsing Vulnerabilities
2004-9 Pinnacle ShowCenter Skin File Cross-Site Scripting Vulnerability
2004-8 Microsoft Internet Explorer Multiple Vulnerabilities
2004-7 Sun Java Plug-In Predictable File Location Weakness
2004-6 Yahoo! Messenger Audio Setup Wizard Privilege Escalation
2004-5 StarOffice / OpenOffice Insecure Temporary File Creation
2004-4 SquirrelMail Change_passwd Plugin Insecure Temporary File Creation
2004-3 GdkPixbuf BMP Image Handling Denial of Service Vulnerability
2004-2 Opera Browser Address Bar Spoofing
2004-1 IBM Net.Data Macro Name Cross-Site Scripting Vulnerability

Secunia Research - 2003

2003-6 BRS WebWeaver Error Page Cross-Site Scripting Vulnerability
2003-5 Xeneo Web Server URL Encoding Denial of Service
2003-4 Opera browser filename extension buffer overflows
2003-3 FTPServer/X Response Buffer Overflow Vulnerability
2003-2 Alexandria-dev / sourceforge multiple vulnerabilities
2003-1 Opera browser Cross Site Scripting

> It's a purely scene whore website, with no Secunia
> original content. Maybe some folks reading the site haven't seen some
> content elsewhere, but that's more because Secunia don't state the
> original source, but they do state on their website at the bottom of
> advisories that their content is taken from third party websites,
> groups, researchers etc.

No, it's because you're so fucking thick you didn't even look at the right
page where they'd filtered out their own, Secunia-originated advisories.

>> Further, the service that Secunia provides is one of centralization
>> and organization. There are hundreds of points of delivery and
>> discussion for original research, Secunia itself being one of them.
>
> List your claim of their original research, thanks.

Proven in spades, moron.

> Secunia do none of the above. Go research on what they actually do,
> than reading their carefully crafted wording on their website(s).

You need to do more than just read that "carefully crafted wording". You
need to actually try and *comprehend* it, you illiterate simpleton. Secunia
are not to blame for the fact that you can't read plain English. It makes it
perfectly clear that their advisories come from third-party sources unless
explicitly stated otherwise.

"Please note: The information, which this Secunia Advisory is based upon,
comes from third party unless stated otherwise."

What part of that don't you understand? "Carefully crafted"? That's plain
bloody English, and you are just utterly blinded by your delusional beliefs
about what they say and do. So blinded that you weren't even able to click
on a couple of links or do a halfway less than pathetic attempt to research
the matter.

> It is not free. Secunia have given FD so much money, for the hidden
> agenda of the URL in the footer message. If they are hosting FD and
> its secure, its very much to protect their illegal spamming of
> thousands of mail boxes.

You're a paranoid kook. There is no such organisation as FD. It's a mailing
list. How the hell can anyone give money to a mailing list? And how could
anything be illegal spamming when you deliberately went and signed up for
it? FD uses double-opt-in, it's an exemplar of good practice in mailing-list
management.

> You're the only one who doesn't seem to understand my stance and why
> it makes sense. Trust me, I'm not alone on this one. Folks I speak to
> everyday

The voices in your head don't count. Now why don't you keep your word for
the first time in your life and fuck off like you said you would?

    cheers,
      DaveK
--
Can't think of a witty .sigline today....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/