Full Disclosure mailing list archives

Re: Netgear SSL312 XSS vulnerability


From: <full-disclosure () mac hush com>
Date: Thu, 18 Oct 2007 13:15:54 -0400

What?

On Wed, 17 Oct 2007 14:15:31 -0400 rembrandt () jpberlin de wrote:
Dear SkyOut, dear Packetstorm team (tedd :)) and dear List.

The author broke an NDA during the releasing of this "uber"-Advisory.

Skyout: What the fuck is wrong with u? Even ignoring our mails... wow?
We provided the Router, told him to take a look and he agreed to an NDA.

Do I care if you release an XSS? Hell no...
But I care if you accepted an NDA because of other internal things.

Did you find it by yourself? Well not really... (We provided a router, told you to take a look for XSS....) Is it uber-critical? Not really either... Could you've released it anyway? Sure.. but you didn't ask and pissed off about 9 different people.

Skyout: And for what? For an Advisory about an XSS... great job.

Btw: "Cryptocrew" Members: This guy is seriously NOT trustworthy.
I just mention it in case you may consider hiring him....

This XSS is nothing we wanna sue you for but an NDA is an NDA.
And if you come along and tell me "Well I didn't sign anything" I've at least 7 people handy who can ensure that you agreed to an NDA.

An NDA is an NDA that's what you need to learn Skyout, rly..

If you start talking about other internal things be sure we'll consider taking further steps and because you don't answer any mail let me mention that in here....

And dear list: It's nothing about the XSS but about the NDA he broke to release it... I'm sure if he wants to take his postings as reference this should get mentioned either....


Kind regards,
Rembrandt (+ the friends you had)

p.s.
Greets go to t3c0 who noticed the XSS at first but had no time to write about it (and no serious interest).
This should get mentioned as well so hopefully some archives update their "news".
And Skyout.. I told ya you're not the first who analyses it.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

