Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: @(#)Mordred Security Notice - exporing the hacking websites

Re: @(#)Mordred Security Notice - exporing the hacking websites

From: morning_wood <se_cur_ity_at_hotmail.com>
Date: Mon, 5 May 2003 19:31:10 -0700

 Do not deny this man his freedom to speak his mind, especially about
security flaws. The "errors" he pointed out are freely available to view, I
have seen similar errors on many websites. Sir Mordred is meerly selecting
from a plethora of servers that exhibit the same type of errors.

Did we not just have a horrible war for FREEDOM? or did I dream of people
being killed?

my 2 bitz

morning_wood
http://exploit.wox.org
----- Original Message -----
From: "Sir Mordred" <mordred_at_s-mail.com>
To: <bugtraq_at_cgisecurity.net>
Cc: <full-disclosure_at_lists.netsys.com>
Sent: Monday, May 05, 2003 5:25 PM
Subject: Re: [Full-disclosure] @(#)Mordred Security Notice - exporing the
hacking websites

> Hi,
>
> >While this is amusing, I'm hoping you tell them befor eyou post these?
>
> Actually no. There are several reasons for this:
> 1) I failed to contact with some of them, so decided to share the
> common behavior for all of them (i.e. dont tell)
> 2) This is a REAL world examples - that means you can see that the are
> present, they should show the state of web app security (
> you probably read enough pdf's on web app security, on sql injection ...
> etc... )
> If it has been fixed, who can tell that i am telling the truth about the
> vulnerabilities?
>
> Again, reading this notice and the notices
> which will be released in the near future, you may think -
> damn, these guys gonna teaching me security?
> even teaching web application security?
> wait, what? they are releasing web app assesment tools and doing web app
> assesment for the money? ...
> Hmm, they should run these elite tools of their websites!
>
> >If you legally post
> >this type of information knowing others will be abusing it you >might
find
> yourself in some legal
> >trouble down the road.
>
> Well, i know that.
> But what is better?
> Let me freely to post such kind of information or see it on a
> full-disclosure from some unkown subscriber/haxor?
> Or don't know that someone already using these vulnerabilities for
> months and owning website?
>
> Also i hope that the community will not use this information
> for harm, only for fun maybe :-)...
>
> Best regards,
> // Sir Mordred
>
>
>
>
> ________________________________________________________________________
> This letter has been delivered unencrypted. We'd like to remind you that
> the full protection of e-mail correspondence is provided by S-mail
> encryption mechanisms if only both, Sender and Recipient use S-mail.
> Register at S-mail.com: http://www.s-mail.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on May 06 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos