I have never ever heard of you. What's the last security advisory that YOU have come out with?
I'm sorry, but before you can go calling someone as 1337 as Skylined an "Ass-Clown", you need to build up some credibility for yourself. Until then, good-day sir.
If I ever discover a serious flaw in a product that has significant market penetration, and I receive approval from my employers, you can bet it would be released to the public, but until I am convinced of the value I will not.
That is the way life is for the people who choose to have a career practicing security rather than researching it; I am too busy finding and assisting with the correction of flaws within the organizations that have employed me in the past to spend time trying to punch holes in vendor xyz's products.
What this really means though, is that instead of having hundreds of security researchers pounding away at applications there is just me. One single solitary person; this means that in my time with my previous employer as a security consultant (god that sucked) I would have to take on identifying and exploiting vulnerabilities by myself against completely unique applications to resolve threats. Usually I would have one project at a time, and it would last a few weeks. Now that I am employed in a reasonably sized organization [12000 employees, ~400 developers, and ~1,200,00 customers] I frequently have multiple projects on the go, and frequently find myself with an overwhelming number of threat vectors to consider and worry about.
Before you go off patting people who manage to find holes in common off the shelf software on the back, or systems that have exposure of millions of users per minor version, take a moment to consider that, no, you do not know me. You have not heard of me because no application that I have reviewed to date has successfully been compromised provided the recommendations I made were followed; if they had, you can bet that my former employer would have been sued for liability, and that I would be spending a lot more time looking for a job than antagonizing people on Full-Disclosure. Don't bark at me about not having a long list of advisories from one of the most widely used applications on the internet.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
