| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 03 Mar 2009 13:19:39 -0600 From: "Jim Parkhurst" <JPARKHUR@....state.tx.us> To: <full-disclosure@...ts.grok.org.uk> Subject: Re: Apple Safari ... DoS Vulnerability Can we stay on task, please? >>> Jason Starks <jstarks440@...il.com> 03/03/2009 10:11 >>> Mr. Mustache, it is obvious that I have more talent than a box of chocolates, and that you envy the sadistic nature of your fellow trolls on this list. Point blank. On Tue, Mar 3, 2009 at 6:18 AM, <bobby.mugabe@...hmail.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dear Valdis, > > I have been able to reproduce a similar situation using Firefox > under MacOSX, using different websites and a significantly larger > number of tabs. Do you think these issues might be related or are > they operating system specific? What model of CPU were you testing > this issue under? > > Thanks, > - -bm > > On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache > <security.mustache@...il.com> wrote: > >I would like to point out that I have been able to create a "hung" > >state in the Firefox browser by opening 30 simultaneous tabs > >pointed > >at http://www.welcometointernet.org/lawnmower/ and adding a 31st > >tab > >viewing http://www.hotrussianbrides.com. > > > >Also, I am not amused. > > > > > >Your humble servant, > >Ze Mustache von Kletnieks > > > >On Mon, Mar 2, 2009 at 10:29 PM, <bobby.mugabe@...hmail.com> > >wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Dear Nick, > >> > >> You and Thierry Loller are wrong. > >> > >> - -bm > >> > >> On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald <nick@...us- > >> l.demon.co.uk> wrote: > >>>Chris Evans to Thierry Zoller: > >>> > >>>> > Example > >>>> > If a chrome tab can be crashed arbritarely (remotely) it is > >a > >>>DoS attack > >>>> > but with ridiculy low impact to the end-user as it only > >>>crashes the tab > >>>> > it was subjected to, and not the whole browser or operation > >>>system. > >>>> > But the fact remains that this was the impact of a DoS > >>>condition, > >>>> > the tab crashes arbritarily. > >>>> > >>>> Eh? If you visit www.evil.com and your tab crashes, that's no > >>>> different from www.evil.com closing its own tab with > >Javascript. > >>> > >>>But what if www.evil.com has run an injection attack of some > >kind > >>>(SQL, > >>>XSS in blog comments, etc, etc) against www.stupid.com? > >>> > >>>Visitors to stupid.com then suffer a DoS... > >>> > >>>Yes, stupid.com should run their site better, fix their myriad > >XSS > >>>holes, > >>>etc, etc. > >>> > >>>But this is the Internet, so this "software flaw" can be > >leveraged > >>>as > >>>security vulnerability. > >>> > >>>I'm with Thierry on this... > >>> > >>> > >>>Regards, > >>> > >>>Nick FitzGerald > >>> > >>> > >>>_______________________________________________ > >>>Full-Disclosure - We believe in it. > >>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >>>Hosted and sponsored by Secunia - http://secunia.com/ > >> -----BEGIN PGP SIGNATURE----- > >> Charset: UTF8 > >> Version: Hush 3.0 > >> Note: This signature can be verified at > >https://www.hushtools.com/verify > >> > >> > >wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qvh8+ > >0 > >> > >b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53fxXF > >m > >> > >7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5eAh > >p > >> UpXIZ1s= > >> =zgqd > >> -----END PGP SIGNATURE----- > >> > >> -- > >> Become a medical transcriptionist at home, at your own pace. > >> > >http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWafc7c > >DXj4iASDyccuLtQA2i9f1le/ > >> > >> _______________________________________________ > >> Full-Disclosure - We believe in it. > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >> Hosted and sponsored by Secunia - http://secunia.com/ > >> > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >Hosted and sponsored by Secunia - http://secunia.com/ > -----BEGIN PGP SIGNATURE----- > Charset: UTF8 > Version: Hush 3.0 > Note: This signature can be verified at https://www.hushtools.com/verify > > wpwEAQMCAAYFAkmtEaMACgkQhNp8gzZx3shZFwQAjiE2W/WUkNHrLIu1lBRz6oeDVrkn > TmV8TCcaDpsvkRmhNrKFXYObPEatdJ0po7Iul333mllga8+elMukkH15J7BwUZdGlNA5 > wpE6zNx8ks6L9qS9UxklE8BErdTfUY/OF5FK4aZ92JcngL1xFTkZlDJS0lvIKGry3vju > P7xAvvQ= > =avqi > -----END PGP SIGNATURE----- > > -- > Click to find great rates on health insurance, save big, shop here. > > http://tagline.hushmail.com/fc/BLSrjkqeRcNd9NCXSJiZxV7gq821SXvgq2GWai39WLJo4QlOxYCnjxaqn9u/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists