Hello MustLive! Thanking you for taking a personal approach to all of your list admirers!
Prosperous futures abound! A missive granted in thy honor sweet prince of XSS.

On Sun, Jan 17, 2010 at 4:33 PM, MustLive <[email protected]> wrote:
> Hello Travis!
>
> Thanks for your attention to my article about MouseOverJacking attacks.
>
>> If you read the HTML specification you can find all sorts of XSS
>> attack vectors that people just assumed would be redundant to write
>> entire articles on!
>
> Yes, I'm familiar with the HTML specification (as a web developer from the beginning
> of 1999) and I know about different events in HTML. And as a web security
> professional I know a lot of XSS vectors.
>
> Many of the events in HTML are not widespread enough (or not usable enough) for
> XSS attacks to write entire articles about them, but such ones as onclick
> and onmouseover are those which are worth entire articles. A lot was said
> about attacks via onclick in 2008, so I decided to talk about onmouseover in
> 2009 (because it is worth it).
>
> P.S.
>
> Because Jeff is already in my blacklist, as I mentioned to the list, in
> the future there is no need to send me his letters. If you decide to answer me,
> then write to me directly.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> ----- Original Message ----- From: "T Biehn" <[email protected]>
> To: "Jeff Williams" <[email protected]>
> Cc: "MustLive" <[email protected]>;
> <[email protected]>
> Sent: Tuesday, January 05, 2010 4:53 PM
> Subject: Re: [Full-disclosure] MouseOverJacking attacks
>
>
>> Hey MustLive!
>> If you read the HTML specification you can find all sorts of XSS
>> attack vectors that people just assumed would be redundant to write
>> entire articles on!
>>
>> Here!
>> http://www.w3.org/TR/REC-html40/interact/scripts.html
>>
>> -Travis
>>
>> On Sun, Jan 3, 2010 at 10:29 PM, Jeff Williams <[email protected]>
>> wrote:
>>>
>>> Thanks for your wishes MustDie;
>>>
>>> Do you consider yourself as an oz XSS ninja?
>>>
>>> Did your C.V. end up in the OWASP trash bin?
>>>
>>> And how the fuck did you come up with a nickname like that?
>>>
>>>
>>>
>>> Let us know, we truly give a shit about your life, and xss.
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>>
>> --
>> FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
>> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
>> http://pastebin.com/f6fd606da
>
>

--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
