> It's not a sexy beast that you can blog about

That hasn't stopped some people ;)

I've done some serious thinking about this, and I've come to the conclusion that hacking at web stuff is innately boring. Maybe it's like watching bicycling on TV; fun to do but boring as hell to watch or listen to other people talk about. Ooooh xss csrf htmlmnopqrstuvwxyz bah! The only thing possibly interesting about it is the target, what you scam them for, or what you get access to.

The problem is that anything www facing is pretty much in the realm of the sheep, so of course almost everything is going to be rotten with holes. You have community colleges pumping out 'web experts' or dudes who read a redhat+apache+php+mysql+foo howto and now are seen as gurus. In terms of a technically interesting challenge, it sounds about as exciting as picking fights with 10 year olds.

Shit man, most of this stuff is more about fooling people than anything. Yawn. I was bored tricking or weaseling passwords out of datacentre employees over the phone 20 years ago. Now I'm supposed to get excited 'cos some retards are doing it over the web?

> If an app is vuln to XSS chances are the rest of the app
> is crap anyways...

A safe assumption. In fact, if it's on the web, it's a safe assumption it's crap anyways. Or is that Crap2.0?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
