I was asking for your opinion.

On Tue, Jan 1, 2013 at 7:31 PM, some one <s3cret.squir...@gmail.com> wrote:

> If you reread what I posted you will see that I do not give my opinion on
> the quality of his posts. I will keep that to myself, I just state that it's
> better than dude's (and your) troll posts.
>
> Regards
> On Jan 1, 2013 3:04 PM, "Benji" <m...@b3nji.com> wrote:
>
>> So you would say that you find the things he posts "of interest"?
>>
>> Please expand on how and why anti automation bugs in unknown CMSs are
>> "of interest"?
>>
>>
>> On Mon, Dec 31, 2012 at 11:58 PM, some one <s3cret.squir...@gmail.com> wrote:
>>
>>> If you do not like or find of interest what the guy posts, is it not
>>> easier to just press delete or filter him out rather than try to make fun
>>> of him?
>>>
>>> Give the dude a break man, he's submitting more things of interest than
>>> you are and you just make yourself sound bitter and twisted.
>>>
>>> It's new year man, go out and drink a beer or eat some fireworks
>>> On Dec 31, 2012 5:17 PM, "Julius Kivimäki" <julius.kivim...@gmail.com>
>>> wrote:
>>>
>>>> Hello list!
>>>>
>>>> I want to warn you about multiple extremely severe vulnerabilities in
>>>> websecurity.com.ua.
>>>>
>>>> These are Brute Force and Insufficient Anti-automation vulnerabilities
>>>> in websecurity.com.ua. These vulnerabilities are very serious and could
>>>> affect millions of people.
>>>>
>>>> -------------------------
>>>> Affected products:
>>>> -------------------------
>>>>
>>>> Vulnerable are all versions of websecurity.com.ua.
>>>>
>>>> ----------
>>>> Details:
>>>> ----------
>>>>
>>>> Brute Force (WASC-11):
>>>>
>>>> In the FTP server (websecurity.com.ua:21) there is no protection from
>>>> Brute Force attacks.
>>>>
>>>> Cross-Site Request Forgery (WASC-09):
>>>>
>>>> Lack of captcha in the login form (http://websecurity.com.ua:21/) can be
>>>> used for different attacks - for a CSRF attack to log in to an account
>>>> (remote login - to conduct attacks on vulnerabilities inside of the
>>>> account), for automated entering into an account, for phishing and other
>>>> automated attacks, which you can read about in the article "Attacks on
>>>> unprotected login forms"
>>>> (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-April/007773.html).
>>>>
>>>> Insufficient Anti-automation (WASC-21):
>>>>
>>>> In the login form there is no protection against automated requests,
>>>> which allows picking up logins in an automated way by attacking the
>>>> login function.
>>>>
>>>> ------------
>>>> Timeline:
>>>> ------------
>>>>
>>>> 2012.06.28 - announced at my site about websecurity.com.ua.
>>>> 2012.06.28 - informed developers about the first part of
>>>> vulnerabilities in websecurity.com.ua.
>>>> 2012.06.30 - informed developers about the second part of
>>>> vulnerabilities in websecurity.com.ua.
>>>> 2012.07.26 - announced at my site about websecurity.com.ua.
>>>> 2012.07.28 - informed developers about vulnerabilities in
>>>> websecurity.com.ua and reminded about previous two letters I had sent
>>>> to them with carrier pigeons.
>>>> 2012.07.28-2012.10.31 - multiple attempts to contact the owners of
>>>> websecurity.com.ua were ignored by the owners.
>>>> 2012.11.02 - developers responded "fuck off and kill urself irl!".
>>>> 2012.12.31 - disclosed on the list
>>>>
>>>> Best wishes & regards,
>>>> MustLive
>>>> Security master extraordinaire, master sysadmin
>>>> http://websecurity.com.ua
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>