On Fri, Nov 11, 2011 at 12:54 AM, xD 0x41 <[email protected]> wrote: > > about the clouds, dude, i found the whole attacking of amazon as rude,
So did I, which is why I came to Amazon's defense in pointing out that those in glass houses shouldn't be throwing stones. The company (Enomaly) abusing Amazon over a complex SAML XML digsig vulnerability[1] was/is still using a trivial vulnerable signature mechanism in their own products that Amazon had fixed years ago[2], among other issues which I had reported 6+ months earlier (not validating requests, passing prices to clients in hidden form fields, etc). Their security response is also appalling[3]. > and shit, so, as i said before, your a lamer. and, just stfu and wear > it, thats MY opinion i did not say the whole list has to follow > shithead. > > stfu and ride your magical carpet thru the clouds... :P~ > to the others who find cloud bs amusing, or ripping or fucking with > amazon as amusing, go read what your kids are buying shit from.. then > maybe you would see, some places, you do not fuck with, you ttreat > with respect, because they sometimes wont affect you directly, but > oneday, it wmay well do this, thanks to your silly exploits on things > that should not be used like this, features manipulated into > exploits...shit, you should not be disclosing shit with amazon, on Fd, > fullstop. > If you cannot see my view then, your just as stupid as i have thought. > now go play with your cloud formations, and upload some f1les to s0m3 > l33t 4p4ch3 s3rv3r kid. > > eh sorry henri and others, but i had to just get that out to, about > cloud/sploitcloud... it is fkn ridicuoud...asking for trouble, people > like that should get knocks on the door, simply to be put into a > mnental home for theyre own good. Sorry for the confusion but that's not at all what I said[4]. No harm done — others replied off list to say they found it amusing. Anyway I have a credit card to go cancel (per the subject of this thread). Sam 1. http://www.theregister.co.uk/2011/11/01/amazon_downplays_cloud_crypto_flaw/ 2. http://www.daemonology.net/blog/2008-12-18-AWS-signature-version-1-is-insecure.html 3. http://samj.net/2011/11/how-not-to-respond-to-vulnerability.html 4. http://samj.net/2011/10/sploitcloud.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
