lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 3 Mar 2009 18:31:05 -0500
From: Jason Starks <jstarks440@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Apple Safari ... DoS Vulnerability

Did Safari have a bug or something...

On Tue, Mar 3, 2009 at 6:21 PM, Valdis' Mustache <
security.mustache@...il.com> wrote:

> Mr. Snarks,
>
> If you can't tell the difference between the Zimbabwean president and
> what's under my esteemed owner's nose I suggest you consult RFC 2821
> for guidance.
>
> I am NOT amused.
>
>
> Your humble servant,
> V knír z Valdis
>
> On Tue, Mar 3, 2009 at 6:01 PM, Jason Starks <jstarks440@...il.com> wrote:
> > Right..
> >
> >>On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com> wrote:
> >>
> >>> -----BEGIN PGP SIGNED MESSAGE-----
> >>> Hash: SHA1
> >>>
> >>> Mr. Stark,
> >
> > There.
> >
> > On Tue, Mar 3, 2009 at 5:56 PM, <bobby.mugabe@...hmail.com> wrote:
> >>
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> Where?
> >>
> >> - -bm
> >>
> >> On Tue, 03 Mar 2009 17:54:51 -0500 Jason Starks
> >> <jstarks440@...il.com> wrote:
> >> >Mr. Mustache,
> >> >
> >> >There is a missing "s" on the end of my last name.
> >> >
> >> >Yours truly,
> >> >
> >> >Jason "Bench Press" Starks
> >> >
> >> >On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com> wrote:
> >> >
> >> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> >> Hash: SHA1
> >> >>
> >> >> Mr. Stark,
> >> >>
> >> >> Adhering to the tradition of my fathers, I do not sport any
> >> >facial
> >> >> hair and take offense to your comment, and since you're
> >> >obviously
> >> >> lacking basic observational skills I highly doubt you're even as
> >> >> talented as my Cadburys, at anything.
> >> >>
> >> >> - -bm
> >> >>
> >> >> On Tue, 03 Mar 2009 11:11:35 -0500 Jason Starks
> >> >> <jstarks440@...il.com> wrote:
> >> >> >Mr. Mustache, it is obvious that I have more talent than a box
> >> >of
> >> >> >chocolates, and that you envy the sadistic nature of your
> >> >fellow
> >> >> >trolls on
> >> >> >this list. Point blank.
> >> >> >
> >> >> >On Tue, Mar 3, 2009 at 6:18 AM, <bobby.mugabe@...hmail.com>
> >> >wrote:
> >> >> >
> >> >> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> >> >> Hash: SHA1
> >> >> >>
> >> >> >> Dear Valdis,
> >> >> >>
> >> >> >> I have been able to reproduce a similar situation using
> >> >Firefox
> >> >> >> under MacOSX, using different websites and a significantly
> >> >> >larger
> >> >> >> number of tabs.  Do you think these issues might be related
> >> >or
> >> >> >are
> >> >> >> they operating system specific?  What model of CPU were you
> >> >> >testing
> >> >> >> this issue under?
> >> >> >>
> >> >> >> Thanks,
> >> >> >> - -bm
> >> >> >>
> >> >> >> On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache
> >> >> >> <security.mustache@...il.com> wrote:
> >> >> >> >I would like to point out that I have been able to create a
> >> >> >"hung"
> >> >> >> >state in the Firefox browser by opening 30 simultaneous tabs
> >> >> >> >pointed
> >> >> >> >at http://www.welcometointernet.org/lawnmower/ and adding a
> >> >> >31st
> >> >> >> >tab
> >> >> >> >viewing http://www.hotrussianbrides.com.
> >> >> >> >
> >> >> >> >Also, I am not amused.
> >> >> >> >
> >> >> >> >
> >> >> >> >Your humble servant,
> >> >> >> >Ze Mustache von Kletnieks
> >> >> >> >
> >> >> >> >On Mon, Mar 2, 2009 at 10:29 PM,
> >> ><bobby.mugabe@...hmail.com>
> >> >> >> >wrote:
> >> >> >> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> >> >> >> Hash: SHA1
> >> >> >> >>
> >> >> >> >> Dear Nick,
> >> >> >> >>
> >> >> >> >> You and Thierry Loller are wrong.
> >> >> >> >>
> >> >> >> >> - -bm
> >> >> >> >>
> >> >> >> >> On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald
> >> >> ><nick@...us-
> >> >> >> >> l.demon.co.uk> wrote:
> >> >> >> >>>Chris Evans to Thierry Zoller:
> >> >> >> >>>
> >> >> >> >>>> > Example
> >> >> >> >>>> > If a chrome tab can be crashed arbritarely (remotely)
> >> >it
> >> >> >is
> >> >> >> >a
> >> >> >> >>>DoS attack
> >> >> >> >>>> > but with ridiculy low impact to the end-user as it
> >> >only
> >> >> >> >>>crashes the tab
> >> >> >> >>>> > it was subjected to, and not the whole browser or
> >> >> >operation
> >> >> >> >>>system.
> >> >> >> >>>> > But the fact remains that this was the impact of a DoS
> >> >> >> >>>condition,
> >> >> >> >>>> > the tab crashes arbritarily.
> >> >> >> >>>>
> >> >> >> >>>> Eh? If you visit www.evil.com and your tab crashes,
> >> >that's
> >> >> >no
> >> >> >> >>>> different from www.evil.com closing its own tab with
> >> >> >> >Javascript.
> >> >> >> >>>
> >> >> >> >>>But what if www.evil.com has run an injection attack of
> >> >some
> >> >> >> >kind
> >> >> >> >>>(SQL,
> >> >> >> >>>XSS in blog comments, etc, etc) against www.stupid.com?
> >> >> >> >>>
> >> >> >> >>>Visitors to stupid.com then suffer a DoS...
> >> >> >> >>>
> >> >> >> >>>Yes, stupid.com should run their site better, fix their
> >> >> >myriad
> >> >> >> >XSS
> >> >> >> >>>holes,
> >> >> >> >>>etc, etc.
> >> >> >> >>>
> >> >> >> >>>But this is the Internet, so this "software flaw" can be
> >> >> >> >leveraged
> >> >> >> >>>as
> >> >> >> >>>security vulnerability.
> >> >> >> >>>
> >> >> >> >>>I'm with Thierry on this...
> >> >> >> >>>
> >> >> >> >>>
> >> >> >> >>>Regards,
> >> >> >> >>>
> >> >> >> >>>Nick FitzGerald
> >> >> >> >>>
> >> >> >> >>>
> >> >> >> >>>_______________________________________________
> >> >> >> >>>Full-Disclosure - We believe in it.
> >> >> >> >>>Charter: http://lists.grok.org.uk/full-disclosure-
> >> >> >charter.html
> >> >> >> >>>Hosted and sponsored by Secunia - http://secunia.com/
> >> >> >> >> -----BEGIN PGP SIGNATURE-----
> >> >> >> >> Charset: UTF8
> >> >> >> >> Version: Hush 3.0
> >> >> >> >> Note: This signature can be verified at
> >> >> >> >https://www.hushtools.com/verify
> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >> >>>wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qvh
> >> >8
> >> >> >+
> >> >> >> >0
> >> >> >> >>
> >> >> >>
> >> >>
> >> >>>b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53fx
> >> >X
> >> >> >F
> >> >> >> >m
> >> >> >> >>
> >> >> >>
> >> >>
> >> >>>7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5e
> >> >A
> >> >> >h
> >> >> >> >p
> >> >> >> >> UpXIZ1s=
> >> >> >> >> =zgqd
> >> >> >> >> -----END PGP SIGNATURE-----
> >> >> >> >>
> >> >> >> >> --
> >> >> >> >> Become a medical transcriptionist at home, at your own
> >> >pace.
> >> >> >> >>
> >> >> >>
> >> >>
> >> >>>http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWafc
> >> >7
> >> >> >c
> >> >> >> >DXj4iASDyccuLtQA2i9f1le/
> >> >> >> >>
> >> >> >> >> _______________________________________________
> >> >> >> >> Full-Disclosure - We believe in it.
> >> >> >> >> Charter: http://lists.grok.org.uk/full-disclosure-
> >> >> >charter.html
> >> >> >> >> Hosted and sponsored by Secunia - http://secunia.com/
> >> >> >> >>
> >> >> >> >
> >> >> >> >_______________________________________________
> >> >> >> >Full-Disclosure - We believe in it.
> >> >> >> >Charter: http://lists.grok.org.uk/full-disclosure-
> >> >charter.html
> >> >> >> >Hosted and sponsored by Secunia - http://secunia.com/
> >> >> >> -----BEGIN PGP SIGNATURE-----
> >> >> >> Charset: UTF8
> >> >> >> Version: Hush 3.0
> >> >> >> Note: This signature can be verified at
> >> >> >https://www.hushtools.com/verify
> >> >> >>
> >> >> >>
> >> >>
> >> >>wpwEAQMCAAYFAkmtEaMACgkQhNp8gzZx3shZFwQAjiE2W/WUkNHrLIu1lBRz6oeDVr
> >> >k
> >> >> >n
> >> >> >>
> >> >>
> >> >>TmV8TCcaDpsvkRmhNrKFXYObPEatdJ0po7Iul333mllga8+elMukkH15J7BwUZdGlN
> >> >A
> >> >> >5
> >> >> >>
> >> >>
> >> >>wpE6zNx8ks6L9qS9UxklE8BErdTfUY/OF5FK4aZ92JcngL1xFTkZlDJS0lvIKGry3v
> >> >j
> >> >> >u
> >> >> >> P7xAvvQ=
> >> >> >> =avqi
> >> >> >> -----END PGP SIGNATURE-----
> >> >> >>
> >> >> >> --
> >> >> >> Click to find great rates on health insurance, save big, shop
> >> >> >here.
> >> >> >>
> >> >> >>
> >> >>
> >> >>http://tagline.hushmail.com/fc/BLSrjkqeRcNd9NCXSJiZxV7gq821SXvgq2G
> >> >W
> >> >> >ai39WLJo4QlOxYCnjxaqn9u/
> >> >> >>
> >> >> >> _______________________________________________
> >> >> >> Full-Disclosure - We believe in it.
> >> >> >> Charter: http://lists.grok.org.uk/full-disclosure-
> >> >charter.html
> >> >> >> Hosted and sponsored by Secunia - http://secunia.com/
> >> >> >>
> >> >> -----BEGIN PGP SIGNATURE-----
> >> >> Charset: UTF8
> >> >> Version: Hush 3.0
> >> >> Note: This signature can be verified at
> >> >https://www.hushtools.com/verify
> >> >>
> >> >>
> >> >wpwEAQMCAAYFAkmtsnoACgkQhNp8gzZx3sgiJwQAnL87haXBbGW80ORA4Ufa7Leh0JS
> >> >g
> >> >>
> >> >XyPSdH32tRZUA+dJaRhoaWJt6HqaKAEltZgsqkrwsA6pTgIIx/IKYdRATBqsrdaBwrF
> >> >M
> >> >>
> >> >kKhLez2kSeOcODLg1OOpGZ4EwQgZws/Qh1sMQOYjCpBF1W2/q+wvwV8Y8xn4V2MdK4C
> >> >L
> >> >> XTUWWLI=
> >> >> =FOnb
> >> >> -----END PGP SIGNATURE-----
> >> >>
> >> >> --
> >> >> Become a medical transcriptionist at home, at your own pace.
> >> >>
> >> >>
> >> >http://tagline.hushmail.com/fc/BLSrjkqfMmd367qFNEy5ii9ij3bU6df9tEPV
> >> >YBzpFXa7E7s6QHH4MsdQbb6/
> >> >>
> >> >>
> >> -----BEGIN PGP SIGNATURE-----
> >> Charset: UTF8
> >> Version: Hush 3.0
> >> Note: This signature can be verified at
> https://www.hushtools.com/verify
> >>
> >> wpwEAQMCAAYFAkmttPMACgkQhNp8gzZx3sjzEwP+LKS6V4qJiWSZckzKh/oS5VSCWKZ6
> >> 1bV6uhWvfZKflCc19WDP0qvX/39nXQnciHu77C5t2rc1Sz8puZ4uqW9jvc1vSLB6Ixhk
> >> f9kJc/Xqy3jz2QgQn7ljkTlfLhiylI1Y4DSnl/VH7gQfMFLCzFaPY7MkX596quYacZu3
> >> eJKIjEU=
> >> =MEss
> >> -----END PGP SIGNATURE-----
> >>
> >> --
> >> Thinking of a life with religion?  Click here to find a religious school
> >> near you.
> >>
> >>
> http://tagline.hushmail.com/fc/BLSrjkqkOt23N64MfCBCDe7Ocvf3t1DcVFSDppHSTZUDCQJQcaRhPY88GLe/
> >>
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ