Saturday, December 22, 2007

Yahoo halala.

Recently AKS has been ranting about his Yahoo crap and
coverage by stupid media.

AKS phishing is an attack not a vulnerability, anyhow we
don't expect you to know that.

Anyhow reading your advisories, one can clearly see you don't
understand implications of either redirection or phishing.

Man!, where went those good days of stack overflows, we are
seriously tired of Web hoopla joopla's, but we understand a
simple stack overflow for them is a nightmare to understand.

AKS Hurt, Scared and Lamer as usual.

A recent post by AKS on his blog really defines what he is
trying to do.

1) AKS nobody notified you, you found it for yourself, trying
to be elite (notified to me).

2) Guess what learning and bull crap don't go hand and hand.
If you are learning then act like a learner and not like some
elite security professional.

3) Motto ? , yeah we have a motto, to expose you and your
hollow self , plus hollow skills.

4) Abuse ? whats the matter can't take some criticism, stop
writing those useless articles and show some real work (of
your own of course). Also spend some time on your useless
English, it really needs a heavy improvement.

"Is this the price one has to pay if he is working hard
relentlessly!"

excuse me kiddo, you are not the only one working hard
around here. What's the matter can't put value to your
hard work ?

5) Professional Abuse ?? what's that ? English dude English.
Trying to scare us ?, don't worry we will mirror this on every online
blog available planet, lets see what you can do, Ha Ha!

At last the truth, if you were real AKS, then you wouldn't have to
worry about this blog, but it seems you are scared now.

Whether you go to CERT or BlackHat you will still remain
the same old nut.

Also in your blog why do you publicize so much ?, whats the
matter ? seems again you can't put value or weight to your
work.

Guiding students, hmm; maybe we should send a email
to your college (XCON speakers page), they must be having
some sort of mailing list system, we will find out soon.
We will drop the students an E-mail about you and your gleaming
links.

Happy bull crapping AKS!

Another HTTP crap from AKS.

This time AKS has had us heads up. Clearly stating in a
"block" that HTTP/1.1 requires a host header. Read this
and enjoy the below.

AKS now claims he can differentiate between web servers
using the HEAD request. According to him he can differentiate
between different apache versions just by a HEAD request.

Oh! sweet lord, you are the king of HTTP, what the hell is wrong
with you, can't you see all the different HEAD request responses are
indicating different configurations and not versions!. A HEAD
request is similar to a GET request!, missing the message body
and couple of other differences.

In your blog entry about HTTP/1.1 the "ignore part" means that
web servers support HTTP/1.0 too. Clearly don't try to retaliate
when you are caught with your head up your ass.

Clearly AKS you should write the next HTTP standard, today
you made Tim Berners Lee proud.

Guys you see in the article how the fact about HTTP/1.1 and
host header is highlighted. The big fact AKS is discovered
suddenly and now he is going to market and publicize it.

This is so enjoyable, clearly AKS's children would be proud of
him.

Message for AKS: Have guts stand up to the crap you write.
Please don't change anything again, or you want us to mirror
your crap too ?

Reading this blog ?

It seems AKS is reading this blog, our daily archiver reports
a couple of changes were made, the two things discussed in
the last post were changed.

He removed his crappy HTTP requests but still the crap article
remains, hey AKS the article is still a /dev/null, cause all the time
the tool says connection refused and timeout. What in the world
are you trying to say ?.

The Ctrl+C, Ctrl+V code from the cookie crap blog entry has also
been removed. Seems he still doesn't understand encrypting cookies
cannot save him from 3rd party attacks, if we sniff your cookie we can
use it no matter what, unless you have included the parameters
that uniquely identify the *******, this too may not work in some aspects.
(Guess what AKS ?).

Seems AKS finally accepts (only to his conscience) he writes crap.

Don't worry we will keep you as correct as possible. After all
we are the core operatives division of SecNiche.

Aditya K Sood's latest plagiarism.

Once again he stands as expected guess what read this
(http://zeroknock.blogspot.com/2007/09/web-collateral-methods-cookie.html)
and then read this
(http://www.codeproject.com/aspnet/HttpSecureCookie.asp).

Familiar ? too much ! also no credit given to the person who wrote it.
Also encrypting cookies is a new way of avoiding 3rd party attacks for
AKS a.k.a 0kn0ck.
Hey lamer if you are reading this see below

A<---->B<---->C
A encrypts, C decrypts or vice versa
Now
A---->B--->D--->C
How do you get away from D, umm get it ?, i don't think so
cause you don't know HTTP at all.

Also here
http://triosec.secniche.org/concepts/rogue_sip_daemon.txt

Do you know why server is saying 404 ? because for HTTP/1.1, host header is
mandatory. Do you still get it ? we don't think so.

High time you did laundry instead of security.

Hats off to you!.
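
Added example, not part of the original posts or of either linked article: a server-side sketch of the cookie point made above (the A, B, D, C diagram and the earlier remark about parameters that uniquely identify the client). It assumes an HMAC seal as a stand-in for the cookie encryption, since any value the server merely unseals is replayed the same way; all names, keys, addresses and user agents are constructed.

```python
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-key"  # constructed; a real key is random and secret

def _seal(data):
    # HMAC seal standing in for the post's cookie encryption (assumption)
    return hmac.new(SERVER_KEY, data.encode(), hashlib.sha256).hexdigest()

def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())

def issue_plain(user):
    """Sealed cookie with no client binding."""
    return f"{user}|{_seal(user)}"

def verify_plain(cookie):
    user, _, tag = cookie.rpartition("|")
    return user if _same(tag, _seal(user)) else None

def fingerprint(client_ip, user_agent):
    return hashlib.sha256(f"{client_ip}\n{user_agent}".encode()).hexdigest()[:16]

def issue_bound(user, client_ip, user_agent, now=None, ttl=900):
    """Sealed cookie tied to an expiry time and the client's address and agent."""
    expires = int(time.time() if now is None else now) + ttl
    body = f"{user}|{expires}|{fingerprint(client_ip, user_agent)}"
    return f"{body}|{_seal(body)}"

def verify_bound(cookie, client_ip, user_agent, now=None):
    body, _, tag = cookie.rpartition("|")
    parts = body.split("|")
    if len(parts) != 3 or not _same(tag, _seal(body)):
        return None                      # tampered or malformed
    user, expires, bound_to = parts
    if int(time.time() if now is None else now) >= int(expires):
        return None                      # expired
    if not _same(bound_to, fingerprint(client_ip, user_agent)):
        return None                      # presented from a different client
    return user

if __name__ == "__main__":
    a = ("192.0.2.10", "BrowserA/1.0")    # A, the legitimate client (constructed)
    d = ("198.51.100.7", "BrowserD/1.0")  # D, the party that copied the cookie
    print(verify_plain(issue_plain("alice")))  # accepted whoever presents it
    bound = issue_bound("alice", *a, now=1000)
    print(verify_bound(bound, *a, now=1100), verify_bound(bound, *d, now=1100))
```

The binding stops matching as soon as D shares A's address and user agent, which is the limit the post hints at; keeping the cookie out of clear-text traffic (TLS with the Secure cookie attribute) is what addresses the sniffing itself.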