shellcode isn’t complex, it only takes huge amounts of time to construct a correct payload, and that payload could chnage due to some conditions, and might not work all the time.
So no mumbo jumbo about “hacking” and “shellcode” because it looks difficult, while it really isn’t. The principles behind it are easy to grasp.

I understand what message you try to send here, but you can’t say hacking is “this” or “that”. Mainly for the fact that most buffer overflows all work the same, the creation of shellcode is only a process, just like programming is. If you like spending countless hours attaching crashing programs to a debugger, in order to construct decent shellcode, well that’s your kick then.

I do agree however that the “jar” issue isn’t bad. I don’t think it’s such a big issue, but that is my opinion. For the reason that a) I knew about it. b) Firefox/extensions boot up out jars. c) It’s actually used for a signed javascript archives for years. d) never trust content.

xss is not hacking because it needs interact from target

so does every other client-side exploit, even if it is BF or whatever else. what do u define as hacking?

only buffer overflow of openbsd dhcpd is hacking, because every important target use openbsd for everything. that is why openbsd dhcpd exploit is the greatest hacking of all time.

you are either script kiddie or you have no idea about the security business and industry at all.

because shellcode is complex

haha :) shellcode is complex? right! I guess it is complex to you because you cannot write it.

user interaction is lame except if u distribute backdoor exploit code for openbsd dhcpd exploit and user compile and run backdoor and then you own whitehat security company and then u write a zine about it.

why do u keep mentioning BSD? what is with that? My friendly advise to you is to open your mind a little bit and stop being a sheep. Security is such a vast topic. Restricting yourself one single thing wont bring you anything good and will make you sound retarded. So, keep up with your instincts but do not judge things that you simple don’t understand.

only buffer overflow of openbsd dhcpd is hacking, because every important target use openbsd for everything. that is why openbsd dhcpd exploit is the greatest hacking of all time.

no hacker is interested in hacking workstation of employee of target company and bouncing from internal workstation to sensitive data. this is not hacking because the workstation do not use openbsd dhcpd and hacker did not have to write shellcode.

because shellcode is complex, xss is not complex, therefore u should never use it to hack because only reason to hack is to impress other hackers with your exploit, not to get data or compromise network

user interaction is lame except if u distribute backdoor exploit code for openbsd dhcpd exploit and user compile and run backdoor and then you own whitehat security company and then u write a zine about it.