Author | Post | |||
unknown user |
[you guys don't read what i type anyways] |
|||
15.05.2008 12:53:06 |
|
|||
aceldama |
well, if all the rhican-flamers can't see this as a helpful contribution, they'd all... ...well... ...thanks rhican. |
|||
|
|||
Trav |
"Most of you will have noticed.. (o who am i kidding) No-one here did"
A bit of a bold statement. Anyway, it was actually some dumb arse Debian developer who decided to tinker with OpenSSL back in 2006 that caused this. It's got to be one of the biggest stuff-ups I've seen in a while. Basically there's roughly less than 20 bits of entropy actually going into generating a key, regardless of the actual length of the key. Not a lot in other words. |
|||
|
|||
unknown user |
[bye now] |
|||
17.05.2008 13:53:27 |
|
|||
quangntenemy |
key escrow maybe? |
|||
|
|||
Z |
Dear rhican Master
You don't have to prove to us that you are the [image] But if you keep posting stuff like "Hey, I found an XSS bug here and there, please respect me." or "I read about security vulnerabilities but I bet no one does it." we will lose our faith in You, Master.
Greetz
Z, member of the rhican fan club |
|||
|
|||
javey |
Hmm, boring. |
|||
|
|||
unknown user |
> Dear rhican Master
> You don't have to prove to us that you are the [image] But if you keep posting stuff like "Hey, I found an XSS bug here and there, please respect me." or "I read about security vulnerabilities but I bet no one does it." we will lose our faith in You, Master.
> Greetz
> Z, member of the rhican fan club

What the fuck are you blabbing about? First off, there is also no reason to talk about XSS in a pejorative way, seeing as one of the 3 bugs I reported was only reported because it was used against me. When you look at the timeline of the XSS disclosures:

Rankk.org: rankk was hot and I didn't previously post anything about XSS, the rankk people fixed it without a problem.
bright-shadow: it was used against me (by logos). I had to publish it in order to get it fixed. It still took em quite some time and drama.
wechall: 2 (kender, inferno) of their admins have serious things stuck up their ass. It was also a slightly different attack vector that was used. Id est, there are no < and > in the exploit, while many people still think that if you just filter < with a str replace you fixed all the XSS.

It definitely is not "here and there", it was 3 well positioned websites within our community, and it's not the only thing I disclosed. Furthermore, I don't have the desire to prove anything, nor do I want a fanclub. I couldn't care less whether or not you or anyone else here respects me. I made that perfectly clear.

If "I read about security vulnerabilities but I bet no one does it." is how you interpret this post, you are pretty pathetic. It's a thread discussing one of the biggest news facts in security, probably this year. And you only got to the first lines? That's pretty sad. You took offence to three words which were followed by colon p; the fact that this website has an irritating colon p smiley is not my problem. The fact that none of you were able to say something on topic (with the exception of Trav) tells me a lot. I had already cut down my post rate here.
Now it will go even lower. |
|||
22.05.2008 12:42:16 |
|