On 6/24/06, Troy Solo <[EMAIL PROTECTED]> wrote:
As much as I have valued your opinion in the past, Valdis, you certainy
lose some credibility "backing" n3td3v.
Just one man's opinion.
--
/*
/* Troy Solo
/* <[EMAIL PROTECTED]>
/* Si Hoc Legere Scis Nimium Eruditionis Habes
/*
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
You don't know what you're talking about.
We're the biggest group around in the underground, we have lots of backers.
Don't base your opinion of n3td3v or Valdis on a handful of regular FD trolls who bring anyone or any group of people down at any slight sign of weakness they can pick on someone for.
FD has turned into a playground of bullies, who target people who actually research vulnerabilities, while the bullies don't offer any on-topic contribution apart from bringing others down who are making an effort in the security community.
I wish the elitism would stop, its bringing the list down as a whole and every each individual within it, so much so that some subscribers of the list who do actually research real vulnerabilities are scared to post their vulnerabilities here, incase they become targeted by the bullies and their work discredited. Also from speaking to my contacts off list, they are scared to comment on atechnical level of already existing threads in fear of a people bringing them down, for no obvious and justified reason, apart from the attacker getting self satisfaction of bringing down an individual or group of individuals who contribute more than they are personally capable of.
To begin with it was cross-site scripting being called lame then SQL injection, then denial of service, all comments made by people who I can only see a hint of jealousy from. Thats all Valdis was doing, he wasn't sticking up for me per say, he was sticking up for the type of vulnerability. He was saying, sure it might be low impact, but when its a low impact vulnerability on Yahoo, then it ups the ante ten fold, and allows for global attacks on a global audience. Therefore denial of service in products from the biggest applications from the biggest internet based vendors in the world, should not be discredited as lame and a no threat.
The people were almost saying "why did you post this to fd"... and once the list starts that kind of trend, then as I said earlier, researchers are going to become to post their vulnerabilities to fd, if all the feedback they get are childish remarks from people on the list who don't appreciate their work.
Remember, FD isn't "thee" place to post, theres milw0rm.com and other places where vulnerabilities can be disclosed, just like the Yahoo Messenger denial of service, it wasn't post via FD originally... so ruin your own community, the ball is in your court. People who think FD is invincible and people will ignore all the negitive comments under advisories forever are very much mistaken.
Thanks for listening,
n3td3v
More than one man's opinion.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
