Well, just playing devil's advocate here, mind you, I think much of the irritation from MustLive's postings comes from the following three reasons:
1.) MustLive is primarily a web-application specialist (for the sake of argument) 2.) The vulnerabilities he finds are of a class of vulnerabilities that are most common in his field. (Consider: someone searching for vulnerabilities in internet services directly and doing the binary analysis will primarily be finding buffer or stack overflows, right? In web security, XSS and SQL injection (as well as others I'm undoubtedly forgetting -- I am *NOT* counting "not using a CAPTCHA" here, see next item) are the most common vulnerabilities, given the lack of binary code to overwrite) 3.) Every so often he posts a vulnerability of questionable risk in the form of "anti-automation" which is essentially a fancy way of saying "ha ha they don't use CAPTCHA." I don't consider that a vulnerability so much as an opening for annoyance; I suppose your mileage may vary. My guess is that there's a thought that web apps are far easier to crack at than binaries, so vulnerabilities are easier to find, therefore don't waste time finding something that's "useless." That may be, in some cases, but sometimes a vulnerability in the web app destroys the entire chain, so to speak. Thoughts? -Zach (P.S. Still just playing devil's advocate; sometimes they get to annoy the crap out of me too.) On Thu, Feb 17, 2011 at 9:57 AM, Eyeballing Weev <[email protected]>wrote: > It's either he floods f-d with his "vulnerabilities" or he has to go out > in the real world to farm dirt for export to the West. > > On 02/17/2011 12:54 PM, Zach C. wrote: > > fucking *two days*? Is that even enough time for the vendor to > acknowledge? > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
