On Fri, 28 Jul 2006, n3td3v wrote:

> I have socially engineered him for what his company is worth, nothing
> but drama queens who pretend theres a XSS worm threat when there
> isn't.

Socially engineered what. You seem to think 1) You have a half clue
2) someone give's a rat's rear what comes out of your mouth.

> The only worm ever to appear with XSS was a harmless Myspace worm, yet
> both companies are saying things are critical and that the internet is
> rife with wormable XSS flaws, just to advertise to any would-be
> attacker who didn't know, to make sure they know now.

This entire paragraph makes no sense. Summarized you said:

"They're telling terrorist that other terrorists commit horrible
actions in case the terrorists don't know, or don't know how to
commit horrible acts"

> There wasn't originally a threat in reality, but you can be sure
> they've just created a threat by talking up the attack vector of XSS
> worms on social network sites.

And you're the security expert who knows that for a fact, there are
not XSS vulnerabilities already being exploited. You must be psychic
and have never heard of the terms "0-day" or private.

> You can bet they'll be an XSS worm on a social network doing something
> malicious in the next 6 to 12 months now, and you have F-Secure and
> Securityfocus to thank.

I'll one up you on this... A multicast worm coming soon to a theater
near you. Exploiting anyone in a listening multicast group. Forget
XSS. Its for kiddiots with too much time on their hands looking
to redirect my cookies.

> I conclude to say this is proof theres no moral responsibility in
> security news journalism anymore, if there ever was any, and this
> needs to change and fast.

What needs to change fast is moronic posts from you to this list.
Do you know how many messages I have to sift through in a day.
This was only answered because I sit here shaking my head wondering
who will be the one to hit you with a clue stick.

> Theres nothing we can do now, the damage has been done, we can only
> hope and pray the worst doesn't occur, a fully fledged malicious XSS
> worm on a social networking web site.

Firstly, its been established that the Brazilians (que fas!) have
been exploiting XSS worms in Orkut for some time so what makes you
think other sites haven't been hit up.

Secondly, "security news" sites have always been crapaganda
factories for the duration of Internet time. They do what they do
best, and that's hype up news for traffic. Take a "news" site
with something vested in the background and you've got one hell
of a crapaganda selling machine. Nothing new to computer security
or the world in general.

Thirdly, since I wanted to be a pain, to those "on the scene"
for some time... I will likely be doing up AntiOffline in the
last quarter of this year. Same format as before... No BS news
interviews and maybe some "chicks".

Netdev/n3td3v/n3td0rk/whatever... You need to pipe it down a bit,
pick up some books and do some heavy reading. Your posts are 
full/fool (Bushism) of retardedness.


-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil infiltrated . net http://www.infiltrated.net

"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to