mailing list archives
Posting w/o checking facts
From: Harry Hoffman <hhoffman () ip-solutions net>
Date: Mon, 25 Oct 2004 23:43:39 -0400
Ok, I didn't think this needed to be said but why the hell are ppl
posting exploits without doing any actual testing?
WTF is up with that. Umm, ok I can say that XYZ is a problem cause it
"looks like it may be one".
NO, YOU CAN'T!!!! Or rather you can but then when everyone says your
name while trying to hold back a snicker don't seem surprised.
If you think something is a problem then test it! If you can't test it
than say so *clearly* in your post.
Making wild claims that a users' session can be hijacked or that you can
force your way into the xyz system without testing makes you sound
stupid (usually with good reason).
There have been at least three posts within the past couple of weeks
that make claims that are questionable at best and certainly don't come
with proof (or even anything that might closely resemble anything near
My $0.02 cents (and I'm sure others will share one way or another) ;-)
Full-Disclosure - We believe in it.
- Posting w/o checking facts Harry Hoffman (Oct 26)