lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 3 Mar 2009 18:01:05 -0500
From: Jason Starks <jstarks440@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Apple Safari ... DoS Vulnerability

Right..

>On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Mr. Stark,

There.

On Tue, Mar 3, 2009 at 5:56 PM, <bobby.mugabe@...hmail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Where?
>
> - -bm
>
> On Tue, 03 Mar 2009 17:54:51 -0500 Jason Starks
> <jstarks440@...il.com> wrote:
> >Mr. Mustache,
> >
> >There is a missing "s" on the end of my last name.
> >
> >Yours truly,
> >
> >Jason "Bench Press" Starks
> >
> >On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com> wrote:
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> Mr. Stark,
> >>
> >> Adhering to the tradition of my fathers, I do not sport any
> >facial
> >> hair and take offense to your comment, and since you're
> >obviously
> >> lacking basic observational skills I highly doubt you're even as
> >> talented as my Cadburys, at anything.
> >>
> >> - -bm
> >>
> >> On Tue, 03 Mar 2009 11:11:35 -0500 Jason Starks
> >> <jstarks440@...il.com> wrote:
> >> >Mr. Mustache, it is obvious that I have more talent than a box
> >of
> >> >chocolates, and that you envy the sadistic nature of your
> >fellow
> >> >trolls on
> >> >this list. Point blank.
> >> >
> >> >On Tue, Mar 3, 2009 at 6:18 AM, <bobby.mugabe@...hmail.com>
> >wrote:
> >> >
> >> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> >> Hash: SHA1
> >> >>
> >> >> Dear Valdis,
> >> >>
> >> >> I have been able to reproduce a similar situation using
> >Firefox
> >> >> under MacOSX, using different websites and a significantly
> >> >larger
> >> >> number of tabs.  Do you think these issues might be related
> >or
> >> >are
> >> >> they operating system specific?  What model of CPU were you
> >> >testing
> >> >> this issue under?
> >> >>
> >> >> Thanks,
> >> >> - -bm
> >> >>
> >> >> On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache
> >> >> <security.mustache@...il.com> wrote:
> >> >> >I would like to point out that I have been able to create a
> >> >"hung"
> >> >> >state in the Firefox browser by opening 30 simultaneous tabs
> >> >> >pointed
> >> >> >at http://www.welcometointernet.org/lawnmower/ and adding a
> >> >31st
> >> >> >tab
> >> >> >viewing http://www.hotrussianbrides.com.
> >> >> >
> >> >> >Also, I am not amused.
> >> >> >
> >> >> >
> >> >> >Your humble servant,
> >> >> >Ze Mustache von Kletnieks
> >> >> >
> >> >> >On Mon, Mar 2, 2009 at 10:29 PM,
> ><bobby.mugabe@...hmail.com>
> >> >> >wrote:
> >> >> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> >> >> Hash: SHA1
> >> >> >>
> >> >> >> Dear Nick,
> >> >> >>
> >> >> >> You and Thierry Loller are wrong.
> >> >> >>
> >> >> >> - -bm
> >> >> >>
> >> >> >> On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald
> >> ><nick@...us-
> >> >> >> l.demon.co.uk> wrote:
> >> >> >>>Chris Evans to Thierry Zoller:
> >> >> >>>
> >> >> >>>> > Example
> >> >> >>>> > If a chrome tab can be crashed arbritarely (remotely)
> >it
> >> >is
> >> >> >a
> >> >> >>>DoS attack
> >> >> >>>> > but with ridiculy low impact to the end-user as it
> >only
> >> >> >>>crashes the tab
> >> >> >>>> > it was subjected to, and not the whole browser or
> >> >operation
> >> >> >>>system.
> >> >> >>>> > But the fact remains that this was the impact of a DoS
> >> >> >>>condition,
> >> >> >>>> > the tab crashes arbritarily.
> >> >> >>>>
> >> >> >>>> Eh? If you visit www.evil.com and your tab crashes,
> >that's
> >> >no
> >> >> >>>> different from www.evil.com closing its own tab with
> >> >> >Javascript.
> >> >> >>>
> >> >> >>>But what if www.evil.com has run an injection attack of
> >some
> >> >> >kind
> >> >> >>>(SQL,
> >> >> >>>XSS in blog comments, etc, etc) against www.stupid.com?
> >> >> >>>
> >> >> >>>Visitors to stupid.com then suffer a DoS...
> >> >> >>>
> >> >> >>>Yes, stupid.com should run their site better, fix their
> >> >myriad
> >> >> >XSS
> >> >> >>>holes,
> >> >> >>>etc, etc.
> >> >> >>>
> >> >> >>>But this is the Internet, so this "software flaw" can be
> >> >> >leveraged
> >> >> >>>as
> >> >> >>>security vulnerability.
> >> >> >>>
> >> >> >>>I'm with Thierry on this...
> >> >> >>>
> >> >> >>>
> >> >> >>>Regards,
> >> >> >>>
> >> >> >>>Nick FitzGerald
> >> >> >>>
> >> >> >>>
> >> >> >>>_______________________________________________
> >> >> >>>Full-Disclosure - We believe in it.
> >> >> >>>Charter: http://lists.grok.org.uk/full-disclosure-
> >> >charter.html
> >> >> >>>Hosted and sponsored by Secunia - http://secunia.com/
> >> >> >> -----BEGIN PGP SIGNATURE-----
> >> >> >> Charset: UTF8
> >> >> >> Version: Hush 3.0
> >> >> >> Note: This signature can be verified at
> >> >> >https://www.hushtools.com/verify
> >> >> >>
> >> >> >>
> >> >>
> >>
> >>>wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qvh
> >8
> >> >+
> >> >> >0
> >> >> >>
> >> >>
> >>
> >>>b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53fx
> >X
> >> >F
> >> >> >m
> >> >> >>
> >> >>
> >>
> >>>7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5e
> >A
> >> >h
> >> >> >p
> >> >> >> UpXIZ1s=
> >> >> >> =zgqd
> >> >> >> -----END PGP SIGNATURE-----
> >> >> >>
> >> >> >> --
> >> >> >> Become a medical transcriptionist at home, at your own
> >pace.
> >> >> >>
> >> >>
> >>
> >>>http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWafc
> >7
> >> >c
> >> >> >DXj4iASDyccuLtQA2i9f1le/
> >> >> >>
> >> >> >> _______________________________________________
> >> >> >> Full-Disclosure - We believe in it.
> >> >> >> Charter: http://lists.grok.org.uk/full-disclosure-
> >> >charter.html
> >> >> >> Hosted and sponsored by Secunia - http://secunia.com/
> >> >> >>
> >> >> >
> >> >> >_______________________________________________
> >> >> >Full-Disclosure - We believe in it.
> >> >> >Charter: http://lists.grok.org.uk/full-disclosure-
> >charter.html
> >> >> >Hosted and sponsored by Secunia - http://secunia.com/
> >> >> -----BEGIN PGP SIGNATURE-----
> >> >> Charset: UTF8
> >> >> Version: Hush 3.0
> >> >> Note: This signature can be verified at
> >> >https://www.hushtools.com/verify
> >> >>
> >> >>
> >>
> >>wpwEAQMCAAYFAkmtEaMACgkQhNp8gzZx3shZFwQAjiE2W/WUkNHrLIu1lBRz6oeDVr
> >k
> >> >n
> >> >>
> >>
> >>TmV8TCcaDpsvkRmhNrKFXYObPEatdJ0po7Iul333mllga8+elMukkH15J7BwUZdGlN
> >A
> >> >5
> >> >>
> >>
> >>wpE6zNx8ks6L9qS9UxklE8BErdTfUY/OF5FK4aZ92JcngL1xFTkZlDJS0lvIKGry3v
> >j
> >> >u
> >> >> P7xAvvQ=
> >> >> =avqi
> >> >> -----END PGP SIGNATURE-----
> >> >>
> >> >> --
> >> >> Click to find great rates on health insurance, save big, shop
> >> >here.
> >> >>
> >> >>
> >>
> >>http://tagline.hushmail.com/fc/BLSrjkqeRcNd9NCXSJiZxV7gq821SXvgq2G
> >W
> >> >ai39WLJo4QlOxYCnjxaqn9u/
> >> >>
> >> >> _______________________________________________
> >> >> Full-Disclosure - We believe in it.
> >> >> Charter: http://lists.grok.org.uk/full-disclosure-
> >charter.html
> >> >> Hosted and sponsored by Secunia - http://secunia.com/
> >> >>
> >> -----BEGIN PGP SIGNATURE-----
> >> Charset: UTF8
> >> Version: Hush 3.0
> >> Note: This signature can be verified at
> >https://www.hushtools.com/verify
> >>
> >>
> >wpwEAQMCAAYFAkmtsnoACgkQhNp8gzZx3sgiJwQAnL87haXBbGW80ORA4Ufa7Leh0JS
> >g
> >>
> >XyPSdH32tRZUA+dJaRhoaWJt6HqaKAEltZgsqkrwsA6pTgIIx/IKYdRATBqsrdaBwrF
> >M
> >>
> >kKhLez2kSeOcODLg1OOpGZ4EwQgZws/Qh1sMQOYjCpBF1W2/q+wvwV8Y8xn4V2MdK4C
> >L
> >> XTUWWLI=
> >> =FOnb
> >> -----END PGP SIGNATURE-----
> >>
> >> --
> >> Become a medical transcriptionist at home, at your own pace.
> >>
> >>
> >http://tagline.hushmail.com/fc/BLSrjkqfMmd367qFNEy5ii9ij3bU6df9tEPV
> >YBzpFXa7E7s6QHH4MsdQbb6/
> >>
> >>
> -----BEGIN PGP SIGNATURE-----
> Charset: UTF8
> Version: Hush 3.0
> Note: This signature can be verified at https://www.hushtools.com/verify
>
> wpwEAQMCAAYFAkmttPMACgkQhNp8gzZx3sjzEwP+LKS6V4qJiWSZckzKh/oS5VSCWKZ6
> 1bV6uhWvfZKflCc19WDP0qvX/39nXQnciHu77C5t2rc1Sz8puZ4uqW9jvc1vSLB6Ixhk
> f9kJc/Xqy3jz2QgQn7ljkTlfLhiylI1Y4DSnl/VH7gQfMFLCzFaPY7MkX596quYacZu3
> eJKIjEU=
> =MEss
> -----END PGP SIGNATURE-----
>
> --
> Thinking of a life with religion?  Click here to find a religious school
> near you.
>
> http://tagline.hushmail.com/fc/BLSrjkqkOt23N64MfCBCDe7Ocvf3t1DcVFSDppHSTZUDCQJQcaRhPY88GLe/
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ