WebApp Sec mailing list archives
RE: Felony For Refreshing A Web Page
From: "Ebeling, Jr., Herman Frederick" <hfebelingjr () lycos com>
Date: Sat, 7 Jan 2006 22:24:42 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----Original Message---- From: Jason Coombs [mailto:jasonc () science org] Sent: Saturday, 07 January, 2006 10:19 To: exon; zeno () cgisecurity net Cc: websecurity () securityfocus com; webappsec () securityfocus com Subject: Re: Felony For Refreshing A Web Page :: It's official. Americans are crazy. : : Although your sentiment is appreciated it's more likely a sign of a change of expectation that : society is adopting across-the-board, perhaps just a political swing and perhaps more lasting in : its implications. : : The rules are now simple: when you find a weakness in society, you are expected to do one of the : following but never both: : : 1. Report the vulnerability to the appropriate authority or peer group being careful never to : make use of your knowledge of the weakness in any way but still spreading awareness of the : vulnerability and hoping that everyone else obeys the rules and acts in accordance with the : principles of responsible disclosure. : : 2. Run away and hide, staying away from anything that even resembles the vulnerability, unless : there is computer forensic evidence that you discovered the vulnerability, in which case you : must opt for #1 above or else you can and will be prosecuted for wrongdoing based solely on some : person's so-called 'expert' opinion. : : Following these two simple rules will keep you out of harms way when other people fail to follow : these rules, and ensure that you always appear trustworthy and law-abiding. : : Regards, : : Jason Coombs : jasonc () science org Jason, The sad thing is that even IF someone were to follow your two "rules" there will ALWAYS be someone else who will try to blame them for something. . . Herman Live Long and Prosper ___________________ _-_ \==============_=_/ ____.---'---`---.____ \_ \ \----._________.----/ \ \ / / `-_-' __,--`.`-'..'-_ /____ ||- `--.____,-' -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQ8B5/B/i52nbE9vTEQLpCgCgp6fV4i8Gv0ReQBa2hvYc1GOmJ9EAnjh0 fI4N0ZP5xcoYZahfIPLHVHQZ =aRdL -----END PGP SIGNATURE----- ------------------------------------------------------------------------------- Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh -------------------------------------------------------------------------------
Current thread:
- Felony For Refreshing A Web Page zeno (Jan 06)
- Re: Felony For Refreshing A Web Page exon (Jan 07)
- Re: Felony For Refreshing A Web Page Todd Ellner (Jan 07)
- Re: Felony For Refreshing A Web Page exon (Jan 07)
- RE: Felony For Refreshing A Web Page Ebeling, Jr., Herman Frederick (Jan 07)
- Re: Felony For Refreshing A Web Page Todd Ellner (Jan 07)
- RE: Felony For Refreshing A Web Page Ebeling, Jr., Herman Frederick (Jan 07)
- Re: Felony For Refreshing A Web Page Charles Miller (Jan 08)
- Re: Felony For Refreshing A Web Page lakewood1 () copper net (Jan 09)
- <Possible follow-ups>
- Re: Felony For Refreshing A Web Page Jason Coombs (Jan 07)
- RE: Felony For Refreshing A Web Page Ebeling, Jr., Herman Frederick (Jan 08)
- Re: Felony For Refreshing A Web Page exon (Jan 07)
