lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: mikieboy at hackermail.com (mike gringo)
Subject: re jpeg vuln

have previously posted to list under real name of michael simpson so excuse the diff address but maybe shouldn't do this thru work

I remember when Cass first told me about the netscape_crash jpeg odd behaviour with windows xp and as i run some xp boxen for the family i had a wee peek
interesting behaviour that i noted was
when it was sitting on a network folder, any attempt to axs folder by a -at that time unpatched- box it would lead to the usual explorer crash without the necessary user intervention of the click
i presume this is due to xp's sneaky peaky cachety looksie that it does with network folders.
use for this 
if one was to astonishingly find oneself in a surprisingly hostile relationship with the IT dept, say, at my place of work
and you knew that they were rummaging through the network thru your files, and that they were running a "vuln" os and that they weren't very sophisticated then you could liberally sprinkle both examples of the jpeg bug (strength in depth) throughout the fs especially in the usual places, stuff etc 

nothing there to see, not wanting to "piss on my chips" as they do pay the mortgage and i'm pretty certain that they don't read my FD folder
just a thought

mike
-- 
_______________________________________________
Get your free email from http://www.hackermail.com

Powered by Outblaze


Powered by blists - more mailing lists