After the last email where they asked for a resume I did not feel like making up a fake resume like I made a fake company so I ignored them... only 3 days later Simon sends this email begging me to stay in contact and work him
I think snosoft but be in serious trouble if they look to merge with companies and hire employees based on troll posts from FD

On Nov 5, 2007 10:59 AM, Simon Smith <[EMAIL PROTECTED]> wrote:
> Thought you were interested in contract work?
>
> reepex wrote:
> > you see you are arguing how useful xss can be for an attacker, but the
> > point of this argument is
> >
> > 1) how hard is it find xss in applications
> > 2) how hard it is to successfully exploit the vulnerability
> >
> > compared to other vulnerabilities xss is way down on the scale
> >
> > i also believe this is what pdp wanted to argue as he believes xss is on
> > the same scale as other bugs following 1 and 2
> >
> > On Nov 4, 2007 2:28 PM, <[EMAIL PROTECTED]> wrote:
> >
> > reepex wrote:
> >> 1) XSS isnt technical no matter how its used
> > I totally disagree with you.. isn't technical for those who cannot
> > realize how much powerful can be a xss, especially if persistent.
> >
> >> 2) people who use xss on pentests/real hacking/anything but phishing are
> >> lame and only use it because they cannot write real exploits (non-web) or
> >> couldnt find any other web bugs (sql injection, cmd exec,file include,
> >> whatever)
> > Imho the pentesting will move day by day closer to web applications
> > flaws testing, since the web applications are self written by webmasters
> > and more exposed to possible bugs. Concerning sql inj or rfi are not
> > more difficult to be discovered..
> >
> >> 3) XSS does not have a place on this list or any other security list and i
> >> remember when the idea of making a separate bugtraq for xss was proposed and
> >> i still think it should be done.
> > Dunno about that, even if i agree that all the xss flaws found should
> > not be reported here, they would be too much.
> >
> >> 4) if you go into a pentest/audit and all you get out is xss then its a
> >> failed pentest and the customer should get a refund.
> > I don't agree with this too for the same reasons as before.
> >
> >> 5) publishing xss shows your weakness and that you dont have the ability to
> >> find actual bugs ( b/c xss isnt a vuln its crap )
> > Imho a xss is a vuln as much as the others, since if used smartly could
> > get quite dangerous.
> >
> > Reading a report from zone-h i read that the most effective hacking
> > cause it's the xss.. i don't know if i shall agree with this, but
> > obviously it should make us think about it.
> >
> > bye
> >
> > /nexus
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> --
>
> - simon
>
> ----------------------
> http://www.snosoft.com