lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 3 Mar 2009 17:54:51 -0500
From: Jason Starks <jstarks440@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Apple Safari ... DoS Vulnerability

Mr. Mustache,

There is a missing "s" on the end of my last name.

Yours truly,

Jason "Bench Press" Starks

On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Mr. Stark,
>
> Adhering to the tradition of my fathers, I do not sport any facial
> hair and take offense to your comment, and since you're obviously
> lacking basic observational skills I highly doubt you're even as
> talented as my Cadburys, at anything.
>
> - -bm
>
> On Tue, 03 Mar 2009 11:11:35 -0500 Jason Starks
> <jstarks440@...il.com> wrote:
> >Mr. Mustache, it is obvious that I have more talent than a box of
> >chocolates, and that you envy the sadistic nature of your fellow
> >trolls on
> >this list. Point blank.
> >
> >On Tue, Mar 3, 2009 at 6:18 AM, <bobby.mugabe@...hmail.com> wrote:
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> Dear Valdis,
> >>
> >> I have been able to reproduce a similar situation using Firefox
> >> under MacOSX, using different websites and a significantly
> >larger
> >> number of tabs.  Do you think these issues might be related or
> >are
> >> they operating system specific?  What model of CPU were you
> >testing
> >> this issue under?
> >>
> >> Thanks,
> >> - -bm
> >>
> >> On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache
> >> <security.mustache@...il.com> wrote:
> >> >I would like to point out that I have been able to create a
> >"hung"
> >> >state in the Firefox browser by opening 30 simultaneous tabs
> >> >pointed
> >> >at http://www.welcometointernet.org/lawnmower/ and adding a
> >31st
> >> >tab
> >> >viewing http://www.hotrussianbrides.com.
> >> >
> >> >Also, I am not amused.
> >> >
> >> >
> >> >Your humble servant,
> >> >Ze Mustache von Kletnieks
> >> >
> >> >On Mon, Mar 2, 2009 at 10:29 PM,  <bobby.mugabe@...hmail.com>
> >> >wrote:
> >> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> >> Hash: SHA1
> >> >>
> >> >> Dear Nick,
> >> >>
> >> >> You and Thierry Loller are wrong.
> >> >>
> >> >> - -bm
> >> >>
> >> >> On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald
> ><nick@...us-
> >> >> l.demon.co.uk> wrote:
> >> >>>Chris Evans to Thierry Zoller:
> >> >>>
> >> >>>> > Example
> >> >>>> > If a chrome tab can be crashed arbritarely (remotely) it
> >is
> >> >a
> >> >>>DoS attack
> >> >>>> > but with ridiculy low impact to the end-user as it only
> >> >>>crashes the tab
> >> >>>> > it was subjected to, and not the whole browser or
> >operation
> >> >>>system.
> >> >>>> > But the fact remains that this was the impact of a DoS
> >> >>>condition,
> >> >>>> > the tab crashes arbritarily.
> >> >>>>
> >> >>>> Eh? If you visit www.evil.com and your tab crashes, that's
> >no
> >> >>>> different from www.evil.com closing its own tab with
> >> >Javascript.
> >> >>>
> >> >>>But what if www.evil.com has run an injection attack of some
> >> >kind
> >> >>>(SQL,
> >> >>>XSS in blog comments, etc, etc) against www.stupid.com?
> >> >>>
> >> >>>Visitors to stupid.com then suffer a DoS...
> >> >>>
> >> >>>Yes, stupid.com should run their site better, fix their
> >myriad
> >> >XSS
> >> >>>holes,
> >> >>>etc, etc.
> >> >>>
> >> >>>But this is the Internet, so this "software flaw" can be
> >> >leveraged
> >> >>>as
> >> >>>security vulnerability.
> >> >>>
> >> >>>I'm with Thierry on this...
> >> >>>
> >> >>>
> >> >>>Regards,
> >> >>>
> >> >>>Nick FitzGerald
> >> >>>
> >> >>>
> >> >>>_______________________________________________
> >> >>>Full-Disclosure - We believe in it.
> >> >>>Charter: http://lists.grok.org.uk/full-disclosure-
> >charter.html
> >> >>>Hosted and sponsored by Secunia - http://secunia.com/
> >> >> -----BEGIN PGP SIGNATURE-----
> >> >> Charset: UTF8
> >> >> Version: Hush 3.0
> >> >> Note: This signature can be verified at
> >> >https://www.hushtools.com/verify
> >> >>
> >> >>
> >>
> >>wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qvh8
> >+
> >> >0
> >> >>
> >>
> >>b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53fxX
> >F
> >> >m
> >> >>
> >>
> >>7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5eA
> >h
> >> >p
> >> >> UpXIZ1s=
> >> >> =zgqd
> >> >> -----END PGP SIGNATURE-----
> >> >>
> >> >> --
> >> >> Become a medical transcriptionist at home, at your own pace.
> >> >>
> >>
> >>http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWafc7
> >c
> >> >DXj4iASDyccuLtQA2i9f1le/
> >> >>
> >> >> _______________________________________________
> >> >> Full-Disclosure - We believe in it.
> >> >> Charter: http://lists.grok.org.uk/full-disclosure-
> >charter.html
> >> >> Hosted and sponsored by Secunia - http://secunia.com/
> >> >>
> >> >
> >> >_______________________________________________
> >> >Full-Disclosure - We believe in it.
> >> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> >Hosted and sponsored by Secunia - http://secunia.com/
> >> -----BEGIN PGP SIGNATURE-----
> >> Charset: UTF8
> >> Version: Hush 3.0
> >> Note: This signature can be verified at
> >https://www.hushtools.com/verify
> >>
> >>
> >wpwEAQMCAAYFAkmtEaMACgkQhNp8gzZx3shZFwQAjiE2W/WUkNHrLIu1lBRz6oeDVrk
> >n
> >>
> >TmV8TCcaDpsvkRmhNrKFXYObPEatdJ0po7Iul333mllga8+elMukkH15J7BwUZdGlNA
> >5
> >>
> >wpE6zNx8ks6L9qS9UxklE8BErdTfUY/OF5FK4aZ92JcngL1xFTkZlDJS0lvIKGry3vj
> >u
> >> P7xAvvQ=
> >> =avqi
> >> -----END PGP SIGNATURE-----
> >>
> >> --
> >> Click to find great rates on health insurance, save big, shop
> >here.
> >>
> >>
> >http://tagline.hushmail.com/fc/BLSrjkqeRcNd9NCXSJiZxV7gq821SXvgq2GW
> >ai39WLJo4QlOxYCnjxaqn9u/
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> -----BEGIN PGP SIGNATURE-----
> Charset: UTF8
> Version: Hush 3.0
> Note: This signature can be verified at https://www.hushtools.com/verify
>
> wpwEAQMCAAYFAkmtsnoACgkQhNp8gzZx3sgiJwQAnL87haXBbGW80ORA4Ufa7Leh0JSg
> XyPSdH32tRZUA+dJaRhoaWJt6HqaKAEltZgsqkrwsA6pTgIIx/IKYdRATBqsrdaBwrFM
> kKhLez2kSeOcODLg1OOpGZ4EwQgZws/Qh1sMQOYjCpBF1W2/q+wvwV8Y8xn4V2MdK4CL
> XTUWWLI=
> =FOnb
> -----END PGP SIGNATURE-----
>
> --
> Become a medical transcriptionist at home, at your own pace.
>
> http://tagline.hushmail.com/fc/BLSrjkqfMmd367qFNEy5ii9ij3bU6df9tEPVYBzpFXa7E7s6QHH4MsdQbb6/
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ