| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 02 Mar 2009 22:29:39 -0500 From: bobby.mugabe@...hmail.com To: full-disclosure@...ts.grok.org.uk, nick@...us-l.demon.co.uk Subject: Re: Apple Safari ... DoS Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Nick, You and Thierry Loller are wrong. - -bm On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald <nick@...us- l.demon.co.uk> wrote: >Chris Evans to Thierry Zoller: > >> > Example >> > If a chrome tab can be crashed arbritarely (remotely) it is a >DoS attack >> > but with ridiculy low impact to the end-user as it only >crashes the tab >> > it was subjected to, and not the whole browser or operation >system. >> > But the fact remains that this was the impact of a DoS >condition, >> > the tab crashes arbritarily. >> >> Eh? If you visit www.evil.com and your tab crashes, that's no >> different from www.evil.com closing its own tab with Javascript. > >But what if www.evil.com has run an injection attack of some kind >(SQL, >XSS in blog comments, etc, etc) against www.stupid.com? > >Visitors to stupid.com then suffer a DoS... > >Yes, stupid.com should run their site better, fix their myriad XSS >holes, >etc, etc. > >But this is the Internet, so this "software flaw" can be leveraged >as >security vulnerability. > >I'm with Thierry on this... > > >Regards, > >Nick FitzGerald > > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qvh8+0 b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53fxXFm 7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5eAhp UpXIZ1s= =zgqd -----END PGP SIGNATURE----- -- Become a medical transcriptionist at home, at your own pace. http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWafc7cDXj4iASDyccuLtQA2i9f1le/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists