by r0t, der4444, cembo, VietMafia

Tuesday, April 11, 2006

r0t FAQ edition 0.9 alfa

Hi again,
I'm r0t, who reports mostly about new SQL/XSS attack vulnerabilities on the net.
So there are some things that I want to make clear:

1) You aren't correct with your report.


1. Every one of my vulnerability reports is automatically reported to 4 vuln. research teams/bugtraq sites (secunia, osvdb, frsirt, security.nnov.ru). So that means either you are more skilled than all of us together or you mis.. some stuff. 99% of all my reports are later verified by the biggest and best vulnerability researchers in the world.
So I have mistakes in my reports too, because sometimes I report a vuln. for software which doesn't have any public demos or trial versions, and my tests are only done on "case study" or clients who use that software.
In that way, vuln researchers who try to verify my report after me sometimes have big problems with that, because who wants to test on real examples, and of course it's illegal, so you can only imagine what it is like to prove something by testing on bank sites and .gov sites.
Because of that, of course, I have problems with governments, police and other structures who fight vs. "hackers" at all, but it's my problem, not yours.
Does it mean that I have broken laws with my tests and reports?
Yes, of course, but as I used them only for testing and reporting, I can answer for that in any court, for my tests and reports.




2) Next time report to the vendor!

2. Why don't I report vulnerabilities to vendors? There were a few times when I did report, and one of them was to vBulletin, my favorite forum developers. When I didn't get answers to a few reports within some weeks, I automatically forgot about reporting to vendors. Of course, not all vendors are like one vendor, and one vendor isn't like the others.




3) It isn't professional when you don't report to vendors.

3. Look, if you are one of those vendors who are listed on my blog, that shows that you made a mistake in your work and your product was insecure, and that means that you aren't professional. I'm not a developer, I'm only a pentester.




4) Give me a live example.

4. If you aren't from Secunia, frsirt, osvdb or a vendor, I will not provide you with any live examples or HowTos. So anyway, forget about that and RFM!




5) We fixed that in the new release, delete your report.

5. Look, I'm very glad that you fixed that vuln., but the vulnerable version of your software is already in use and many people will use it for a while.
These are my reports and nothing will be deleted unless I recognize that it was my mistake.

6) You are a hacker.

6. I never had the idea that I'm a hacker; a hacker for me is a guru in skills and knowledge that I don't have. I only do my "job": I report about insecure systems, with the wish that not the vendor but the software's potential user will know about insecure systems, so that it will be easier for him to choose which software he will use in his project.
Yes, of course I admit and moderate some hacker and security boards now, but there I am under another "ID", because sometimes being r0t can be very dangerous.

7) Those bugs have become boring; without you the blog was much better/more interesting.

7. Dear LV fellows, to everyone for whom visiting this blog or my presence causes headaches, I can recommend never coming to this blog.
Of course I will agree if you say that this is not a normal blog, etc.
Because I am no blog lover; you can judge that already from the mess that can be seen in this blog.
But to say that, you see, without you it was much more readable would be completely stupid, because I created the blog.
By the way, the LV net does not interest me so much that I would take it into account.



PS.
I hope this FAQ will answer most of your questions. If you have any other questions about me or my reports, you can mail me: r0t [at] r00t.it

4 Comments:

Anonymous told...

The blog is super! Thank you for making the effort!

11:13 AM

 
Anonymous told...

It looks like you've gotten a bit angry at Latvian society? :) Whatever someone doesn't like is their own problem, although one can try to find compromises. Hang in there!

2:40 PM

 
r0t told...

There are certain unsuccessful individuals whose mouths open only to say what lamers everyone is, while he himself is so uber-cool.
There is no room for compromises; you can't please everyone, and I doubt I would try to.

4:54 PM

 
Anonymous told...

Eh r0t, I stopped paying attention to the uber-cool lamers long ago, and I recommend you do the same. I wish you endurance in continuing to keep the blog alive. I now end up devoting a lot of time to other things, but soon I will probably have to code up something good again or throw in an article ;)

cembo

5:27 PM

 


 
Copyright (c) 2006 Pridels Sec Crew