>> Hence kindly do not entertain any more bogus from secniche, also I don't understand
>> what in the world are the CVE maintainers doing.

This is not the first time a CVE has been assigned to a fake claim. Since FD has become a shortcut to fame, history has proven that many clowns in the past had their fake claim promoted by getting a CVE tagged. It is understood that with more and more exponentially replicating clowns in the industry it is hard for MITRE to validate all vague claims.

-d

On 7/22/07, Pranay Kanwar <[EMAIL PROTECTED]> wrote:
> Reply from the developer of JWIG regarding "Hack Annotations in JWIG" by
> secniche.org
>
> Hi Pranay (cc to "SecNiche"),
>
> Thank you for bringing this to our attention. I have now read this document
> "Hack Annotations in JWIG", and I must admit that I have never seen so
> much bogus in so few pages ever before. Is this a (bad) joke?? It seems that
> the author Aditya K Sood (a.k.a. Bubba Gump?) has completely
> misunderstood the processing model of web communication in general and JWIG
> in particular. JWIG is a research project exploring new ways of
> programming web applications. JWIG programs run on the server, and the JWIG
> system obviously does not by itself provide any means for attackers to
> control which code is being executed on the server. This means that all the
> example "attacks" described in this report seem to assume that the
> attacker is the service programmer, which clearly doesn't make much sense.
> I hope that anyone reading a report like "Hack Annotations in JWIG" quickly
> will see that it is all bogus. However, I would naturally prefer that
> "SecNiche" would withdraw these absurd claims wherever they have been
> published.
>
> Regards,
> Anders
>
> Pranay Kanwar wrote:
> > Hello,
> >
> > I would like to bring to your notice the following claims regarding the
> > bogus security problems in JWIG.
> >
> > http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064768.html
> > http://www.securityfocus.com/archive/1/474156/30/0/threaded
> > http://www.webappsec.org/lists/websecurity/archive/2007-07/msg00022.html
> > http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf
> >
> > Kindly comment on these, I would request this as this makes wrong
> > assumptions and will hinder the usage of JWIG technology.
> >
> > I have also negated the claims myself.
> >
> > Regards
> >
> > warl0ck // MSG
>
> --
> Anders Moeller
> [EMAIL PROTECTED]
> http://www.brics.dk/~amoeller
>
> Hence kindly do not entertain any more bogus from secniche, also I don't
> understand what in the world are the CVE maintainers doing.
>
> warl0ck // MSG
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/