lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 23 Mar 2012 16:41:20 -0400
From: Gary Baribault <gary@...ibault.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Apple IOS security issue pre-advisory record

I find it very unfortunate that 300 supposed security professionals
clicked on a hidden link like that without first checking what it was,
or if not simply ignoring it like I did!!!

Gary Baribault
Courriel: gary@...ibault.net
GPG Key: 0x685430d1
Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1


On 03/23/2012 12:34 PM, john doe wrote:
> he he, good catch :)
> Anyway, it doesn't hurt anybody: it's just a vote.
> Well, let me explain. I'm a journalist (non IT, mainstream) preparing
> an article about different internet communities behaviors. I've posted
> similar messages talking about a security issue, pron pics, divx,
> software and breaking news in several famous boards accordingly to
> analyze the different related communities behaviors.
> Each one links to a vote for different video contests so that I can
> measure the hints.
> Good to notice: this message has generated about 300 votes in the
> first 15 minutes, making it the second score behind "divx" for now on.
>
> Thank you, and sorry for inconveniences (if any) !
>
> On Fri, Mar 23, 2012 at 1:59 PM, adam <adam@...sy.net
> <mailto:adam@...sy.net>> wrote:
>
>     That's pretty clever. But it doesn't work when people have tinyURL
>     previews enabled.
>
>     URL:
>     http://www.dailymotion.com/ajax/contest?*ajax_function=vote*&ajax_arg[]=41941248&ajax_arg[]=2223
>     <http://www.dailymotion.com/ajax/contest?ajax_function=vote&ajax_arg[]=41941248&ajax_arg[]=2223>
>
>
>     Response:
>     +:{"message":"Thank you","status":1}
>
>     On Fri, Mar 23, 2012 at 7:14 AM, john doe <ninjaobsessed@...il.com
>     <mailto:ninjaobsessed@...il.com>> wrote:
>
>         Advisory Disclosure MD5: e29e5501dc2ca4d5fc06855762b14393
>         Abstract <http://tinyurl.com/8xq2xcq>
>
>         Regards,
>         _______________________________________________
>         Full-Disclosure - We believe in it.
>         Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>         Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ