|
Full Disclosure
mailing list archives
Re: on xss and its technical merit
From: Byron Sonne <blsonne () rogers com>
Date: Wed, 12 Dec 2007 15:23:15 -0500
Its amazing the last 2 posters even have
to time to read FD.
It's not without it's uses :)
With all the super important super secret
projects they must be working.
LOL
believes XSS and XSRF as viable attack vectors
The other side thinks its rubbish.
That's a disingenuous distortion. I happen to think they are both viable
attack vectors AND rubbish.
the folks who are so bored <yawn> with XSS and
CSRF can post their remarkable works and amaze
us all.
The second I can think of, or accomplish, something that's both more
interesting than this xsscsrfbbqwtf slop and hasn't been done before, I
will. It is not easy to come up with cool new stuff or "wicked ass
shit". That's kinda my point, and why we see so much of this derivative
crap.
Now obviously there's a ton of folks around with way better resumes than
me and a far better skill set, but don't go telling me to stand in awe
of someone who found this kind of hole in some big name website. Wanting
fame and respect for XSS on stuff like Goggle is like asking for respect
'cos you lifted Paris Hilton's wallet, or jimmied the door on the back
of Microsoft's shipping warehouse.
There is nothing gloriously technical about it, there is no elegance,
only a clever trick.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: on xss and its technical merit, (continued)
Re: on xss and its technical merit Jay (Dec 12)
Re: on xss and its technical merit Jay (Dec 13)
| 
Intro
