Re: [Full-Disclosure] @(#)Mordred Security Notice - exporing the hacking websites
From: morning_wood (se_cur_ity_at_hotmail.com)
To: "Sir Mordred" <firstname.lastname@example.org>, <email@example.com> Date: Mon, 5 May 2003 19:31:10 -0700
Do not deny this man his freedom to speak his mind, especially about
security flaws. The "errors" he pointed out are freely available to view, I
have seen similar errors on many websites. Sir Mordred is meerly selecting
from a plethora of servers that exhibit the same type of errors.
Did we not just have a horrible war for FREEDOM? or did I dream of people
my 2 bitz
----- Original Message -----
From: "Sir Mordred" <firstname.lastname@example.org>
Sent: Monday, May 05, 2003 5:25 PM
Subject: Re: [Full-Disclosure] @(#)Mordred Security Notice - exporing the
> >While this is amusing, I'm hoping you tell them befor eyou post these?
> Actually no. There are several reasons for this:
> 1) I failed to contact with some of them, so decided to share the
> common behavior for all of them (i.e. dont tell)
> 2) This is a REAL world examples - that means you can see that the are
> present, they should show the state of web app security (
> you probably read enough pdf's on web app security, on sql injection ...
> etc... )
> If it has been fixed, who can tell that i am telling the truth about the
> Again, reading this notice and the notices
> which will be released in the near future, you may think -
> damn, these guys gonna teaching me security?
> even teaching web application security?
> wait, what? they are releasing web app assesment tools and doing web app
> assesment for the money? ...
> Hmm, they should run these elite tools of their websites!
> >If you legally post
> >this type of information knowing others will be abusing it you >might
> yourself in some legal
> >trouble down the road.
> Well, i know that.
> But what is better?
> Let me freely to post such kind of information or see it on a
> full-disclosure from some unkown subscriber/haxor?
> Or don't know that someone already using these vulnerabilities for
> months and owning website?
> Also i hope that the community will not use this information
> for harm, only for fun maybe :-)...
> Best regards,
> // Sir Mordred
> This letter has been delivered unencrypted. We'd like to remind you that
> the full protection of e-mail correspondence is provided by S-mail
> encryption mechanisms if only both, Sender and Recipient use S-mail.
> Register at S-mail.com: http://www.s-mail.com
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure - We believe in it.