lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 3 Mar 2009 00:29:53 -0500
From: "Valdis' Mustache" <security.mustache@...il.com>
To: Jason Starks <jstarks440@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Apple Safari ... DoS Vulnerability

Jason,

Initially I was not amused by your sententious and self-righteous
reply, coming as it does from someone apparently unable to read GCC
documentation, someone whose very question on this very list resulted
in substantial wasting of time by the owner of this very mustache
(time that might better be spent combing and waxing me) answering your
rudimentary question in the most obtuse and abstract way possible.

Nonetheless, I will overlook your slight this once, because it appears
that while less than adept at the use of various Internet Lists, you
are an accomplished sportsman.

http://www.youtube.com/watch?v=wvYKxRmGiAA

Indeed, since this mustache itself weighs far less than the 145kg
hefted in the above film, I fear you could in fact rip me quite
unceremoniously from my owner's face, which would cause both of us
substantial harm.

As such, I will pay you the respect that your girth deserves, if not
your intellect.


Your humble servant,
Mustaţa de Valdis


On Mon, Mar 2, 2009 at 11:57 PM, Jason Starks <jstarks440@...il.com> wrote:
> Grow up, really.
>
> On Mon, Mar 2, 2009 at 11:41 PM, Valdis' Mustache
> <security.mustache@...il.com> wrote:
>>
>> I would like to point out that I have been able to create a "hung"
>> state in the Firefox browser by opening 30 simultaneous tabs pointed
>> at http://www.welcometointernet.org/lawnmower/ and adding a 31st tab
>> viewing http://www.hotrussianbrides.com.
>>
>> Also, I am not amused.
>>
>>
>> Your humble servant,
>> Ze Mustache von Kletnieks
>>
>> On Mon, Mar 2, 2009 at 10:29 PM,  <bobby.mugabe@...hmail.com> wrote:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA1
>> >
>> > Dear Nick,
>> >
>> > You and Thierry Loller are wrong.
>> >
>> > - -bm
>> >
>> > On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald <nick@...us-
>> > l.demon.co.uk> wrote:
>> >>Chris Evans to Thierry Zoller:
>> >>
>> >>> > Example
>> >>> > If a chrome tab can be crashed arbritarely (remotely) it is a
>> >>DoS attack
>> >>> > but with ridiculy low impact to the end-user as it only
>> >>crashes the tab
>> >>> > it was subjected to, and not the whole browser or operation
>> >>system.
>> >>> > But the fact remains that this was the impact of a DoS
>> >>condition,
>> >>> > the tab crashes arbritarily.
>> >>>
>> >>> Eh? If you visit www.evil.com and your tab crashes, that's no
>> >>> different from www.evil.com closing its own tab with Javascript.
>> >>
>> >>But what if www.evil.com has run an injection attack of some kind
>> >>(SQL,
>> >>XSS in blog comments, etc, etc) against www.stupid.com?
>> >>
>> >>Visitors to stupid.com then suffer a DoS...
>> >>
>> >>Yes, stupid.com should run their site better, fix their myriad XSS
>> >>holes,
>> >>etc, etc.
>> >>
>> >>But this is the Internet, so this "software flaw" can be leveraged
>> >>as
>> >>security vulnerability.
>> >>
>> >>I'm with Thierry on this...
>> >>
>> >>
>> >>Regards,
>> >>
>> >>Nick FitzGerald
>> >>
>> >>
>> >>_______________________________________________
>> >>Full-Disclosure - We believe in it.
>> >>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> >>Hosted and sponsored by Secunia - http://secunia.com/
>> > -----BEGIN PGP SIGNATURE-----
>> > Charset: UTF8
>> > Version: Hush 3.0
>> > Note: This signature can be verified at https://www.hushtools.com/verify
>> >
>> > wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qvh8+0
>> > b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53fxXFm
>> > 7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5eAhp
>> > UpXIZ1s=
>> > =zgqd
>> > -----END PGP SIGNATURE-----
>> >
>> > --
>> > Become a medical transcriptionist at home, at your own pace.
>> >
>> >  http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWafc7cDXj4iASDyccuLtQA2i9f1le/
>> >
>> > _______________________________________________
>> > Full-Disclosure - We believe in it.
>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> > Hosted and sponsored by Secunia - http://secunia.com/
>> >
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ