[VIM] r0t is back - who's running the betting pool?

Sullo sullo at cirt.net
Tue Mar 28 00:31:35 EST 2006

Steven M. Christey wrote:

What can I get if I win? Someone buys me a beer in Vegas?

> 1) When will we see the first vendor dispute in which the vendor
>    doesn't actually understand XSS and needs to be educated?

Advisory #3

> 2) When will we see the first vendor dispute in which the vendor
>    claims that the reported SQL injection isn't a problem and we can't
>    prove that it's nothing more than a forced invalid SQL because r0t
>    used a ' and nothing else?
Advisory #1.

> 3) When will the first threatened lawsuit take place and how quickly
>    will the vendor retract it once proven wrong?
Advisory #3, #5

> 4) When will we see an issue for a live site or service provider that
>    theoretically should not be included in vdb's based on editorial
>    policy but gets included anyway 'cause we're drowning in the
>    volume?
#1, 3, 4, 5, 6

> 5) Why is this humorous at all? :-/
See 1-4 above... you have to keep a sense of humor!

> And I'll buy a beer for anyone who's willing to write a generic "so, a
> 14 year old has reported a blatantly obvious XSS or SQL injection vuln
> in your product and you want to sue us" FAQ.
How much beer? :-)



http://www.cirt.net/      |     http://www.osvdb.org/

