| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rgerhards at hq.adiscon.com (Rainer Gerhards) Subject: April 1st is here (joy). now improved I think this posting shows the far superior way Windows prevents security issues like this. As the name says, it does not intend to allow you open access to the garden (which becomes even more sophisticated once TCPA is there...). With Windows, you obviously stay in-house and watch the carrots through... right, a Window! So as you do not have physical access to them, a root compromise is reliably prevented. I think this is also the primary reason that ActiveX - by its very core design - does not require a sandbox to be secure. Or have you ever seen a sandbox inside a house? As you can see, openness has its disadvantages ;) Rainer > Well if we are into folly anyway :-) > > FEAR!FEAR!FEAR!********!ADVISORY!***********FEAR!FEAR!FEAR! > > Security Advisory No 0x454564af > > We have discovered a serious security hole after OpenBSD 3.4 default > install! > > After successful installation, we proceeded to the garden. There we > grabbed a carrot and pulled firmly. And whoa, instant root acess! We > never thought it would be this easy. Really, these sorts of incidents > should be prevented. > > Due to the very serious nature of this bug, we will not > disclose PoC at > this time, esp because the root has already been consumed. > > For details visit our homepage > > http://www.iamanidiot.com/ > > ****************************************************** > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists