Date: Fri, 11 Nov 2011 12:32:51 +0100
From: Sam Johnston <samj@...j.net>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Steam defaced

On Fri, Nov 11, 2011 at 12:54 AM, xD 0x41 <secn3t@...il.com> wrote:
>
> about the clouds, dude, i found the whole attacking of amazon as rude,

So did I, which is why I came to Amazon's defense in pointing out that
those in glass houses shouldn't be throwing stones. The company
(Enomaly) abusing Amazon over a complex SAML XML digsig
vulnerability[1] was/is still using a trivial vulnerable signature
mechanism in their own products that Amazon had fixed years ago[2],
among other issues which I had reported 6+ months earlier (not
validating requests, passing prices to clients in hidden form fields,
etc). Their security response is also appalling[3].

> and shit, so, as i said before, you're a lamer. and, just stfu and wear
> it, that's MY opinion i did not say the whole list has to follow
> shithead.
>
> stfu and ride your magical carpet thru the clouds... :P~
> to the others who find cloud bs amusing, or ripping or fucking with
> amazon as amusing, go read what your kids are buying shit from.. then
> maybe you would see, some places, you do not fuck with, you treat
> with respect, because they sometimes won't affect you directly, but
> one day, it may well do this, thanks to your silly exploits on things
> that should not be used like this, features manipulated into
> exploits...shit, you should not be disclosing shit with amazon, on Fd,
> fullstop.
> If you cannot see my view then, you're just as stupid as i have thought.
> now go play with your cloud formations, and upload some f1les to s0m3
> l33t 4p4ch3 s3rv3r kid.
>
> eh sorry henri and others, but i had to just get that out to, about
> cloud/sploitcloud... it is fkn ridiculous...asking for trouble, people
> like that should get knocks on the door, simply to be put into a
> mental home for their own good.

Sorry for the confusion but that's not at all what I said[4]. No harm
done — others replied off list to say they found it amusing. Anyway I
have a credit card to go cancel (per the subject of this thread).

Sam

1. http://www.theregister.co.uk/2011/11/01/amazon_downplays_cloud_crypto_flaw/
2. http://www.daemonology.net/blog/2008-12-18-AWS-signature-version-1-is-insecure.html
3. http://samj.net/2011/11/how-not-to-respond-to-vulnerability.html
4. http://samj.net/2011/10/sploitcloud.html
