| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 03 Mar 2009 17:45:49 -0500 From: bobby.mugabe@...hmail.com To: full-disclosure@...ts.grok.org.uk, jstarks440@...il.com Subject: Re: Apple Safari ... DoS Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mr. Stark, Adhering to the tradition of my fathers, I do not sport any facial hair and take offense to your comment, and since you're obviously lacking basic observational skills I highly doubt you're even as talented as my Cadburys, at anything. - -bm On Tue, 03 Mar 2009 11:11:35 -0500 Jason Starks <jstarks440@...il.com> wrote: >Mr. Mustache, it is obvious that I have more talent than a box of >chocolates, and that you envy the sadistic nature of your fellow >trolls on >this list. Point blank. > >On Tue, Mar 3, 2009 at 6:18 AM, <bobby.mugabe@...hmail.com> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Dear Valdis, >> >> I have been able to reproduce a similar situation using Firefox >> under MacOSX, using different websites and a significantly >larger >> number of tabs. Do you think these issues might be related or >are >> they operating system specific? What model of CPU were you >testing >> this issue under? >> >> Thanks, >> - -bm >> >> On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache >> <security.mustache@...il.com> wrote: >> >I would like to point out that I have been able to create a >"hung" >> >state in the Firefox browser by opening 30 simultaneous tabs >> >pointed >> >at http://www.welcometointernet.org/lawnmower/ and adding a >31st >> >tab >> >viewing http://www.hotrussianbrides.com. >> > >> >Also, I am not amused. >> > >> > >> >Your humble servant, >> >Ze Mustache von Kletnieks >> > >> >On Mon, Mar 2, 2009 at 10:29 PM, <bobby.mugabe@...hmail.com> >> >wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Hash: SHA1 >> >> >> >> Dear Nick, >> >> >> >> You and Thierry Loller are wrong. >> >> >> >> - -bm >> >> >> >> On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald ><nick@...us- >> >> l.demon.co.uk> wrote: >> >>>Chris Evans to Thierry Zoller: >> >>> >> >>>> > Example >> >>>> > If a chrome tab can be crashed arbritarely (remotely) it >is >> >a >> >>>DoS attack >> >>>> > but with ridiculy low impact to the end-user as it only >> >>>crashes the tab >> >>>> > it was subjected to, and not the whole browser or >operation >> >>>system. >> >>>> > But the fact remains that this was the impact of a DoS >> >>>condition, >> >>>> > the tab crashes arbritarily. >> >>>> >> >>>> Eh? If you visit www.evil.com and your tab crashes, that's >no >> >>>> different from www.evil.com closing its own tab with >> >Javascript. >> >>> >> >>>But what if www.evil.com has run an injection attack of some >> >kind >> >>>(SQL, >> >>>XSS in blog comments, etc, etc) against www.stupid.com? >> >>> >> >>>Visitors to stupid.com then suffer a DoS... >> >>> >> >>>Yes, stupid.com should run their site better, fix their >myriad >> >XSS >> >>>holes, >> >>>etc, etc. >> >>> >> >>>But this is the Internet, so this "software flaw" can be >> >leveraged >> >>>as >> >>>security vulnerability. >> >>> >> >>>I'm with Thierry on this... >> >>> >> >>> >> >>>Regards, >> >>> >> >>>Nick FitzGerald >> >>> >> >>> >> >>>_______________________________________________ >> >>>Full-Disclosure - We believe in it. >> >>>Charter: http://lists.grok.org.uk/full-disclosure- >charter.html >> >>>Hosted and sponsored by Secunia - http://secunia.com/ >> >> -----BEGIN PGP SIGNATURE----- >> >> Charset: UTF8 >> >> Version: Hush 3.0 >> >> Note: This signature can be verified at >> >https://www.hushtools.com/verify >> >> >> >> >> >>wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qvh8 >+ >> >0 >> >> >> >>b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53fxX >F >> >m >> >> >> >>7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5eA >h >> >p >> >> UpXIZ1s= >> >> =zgqd >> >> -----END PGP SIGNATURE----- >> >> >> >> -- >> >> Become a medical transcriptionist at home, at your own pace. >> >> >> >>http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWafc7 >c >> >DXj4iASDyccuLtQA2i9f1le/ >> >> >> >> _______________________________________________ >> >> Full-Disclosure - We believe in it. >> >> Charter: http://lists.grok.org.uk/full-disclosure- >charter.html >> >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> > >> >_______________________________________________ >> >Full-Disclosure - We believe in it. >> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> >Hosted and sponsored by Secunia - http://secunia.com/ >> -----BEGIN PGP SIGNATURE----- >> Charset: UTF8 >> Version: Hush 3.0 >> Note: This signature can be verified at >https://www.hushtools.com/verify >> >> >wpwEAQMCAAYFAkmtEaMACgkQhNp8gzZx3shZFwQAjiE2W/WUkNHrLIu1lBRz6oeDVrk >n >> >TmV8TCcaDpsvkRmhNrKFXYObPEatdJ0po7Iul333mllga8+elMukkH15J7BwUZdGlNA >5 >> >wpE6zNx8ks6L9qS9UxklE8BErdTfUY/OF5FK4aZ92JcngL1xFTkZlDJS0lvIKGry3vj >u >> P7xAvvQ= >> =avqi >> -----END PGP SIGNATURE----- >> >> -- >> Click to find great rates on health insurance, save big, shop >here. >> >> >http://tagline.hushmail.com/fc/BLSrjkqeRcNd9NCXSJiZxV7gq821SXvgq2GW >ai39WLJo4QlOxYCnjxaqn9u/ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAkmtsnoACgkQhNp8gzZx3sgiJwQAnL87haXBbGW80ORA4Ufa7Leh0JSg XyPSdH32tRZUA+dJaRhoaWJt6HqaKAEltZgsqkrwsA6pTgIIx/IKYdRATBqsrdaBwrFM kKhLez2kSeOcODLg1OOpGZ4EwQgZws/Qh1sMQOYjCpBF1W2/q+wvwV8Y8xn4V2MdK4CL XTUWWLI= =FOnb -----END PGP SIGNATURE----- -- Click for free info on getting an MBA, $200K/ year potential. http://tagline.hushmail.com/fc/BLSrjkqZ7DKWGNqnRWKwHlKoUxaNp4Bjb2klof04El4zkr563NAPB0o44py/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists