lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 13 Aug 2013 09:02:19 +0200
From: Daniel Preussker <daniel@...ussker.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: 0day IE9/10 information disclosure
	vulnerability

can you paste it somewhere where no login is required please?


Daniel Preussker

[ Security Consultant, Network & Protocol Security and Cryptography
[ LPI & Novell Certified Linux Engineer and Researcher
[ Daniel@...ussker.Net
[ http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x87E736968E490AA1

On 12.08.2013, at 15:31, yuange wrote:

> somebody's poc
>  
> http://weibo.com/p/1005051838905715/weibo?from=page_100505_home&wvr=5.1&mod=weibomore#3610572387549394  
>  
> 微软呀,要怎么说你们呢。3个月的沟通不承认,一定要POC才承认,这么简单的代码看不懂吗?说得那么明白写POC真的有那么难吗?实在太磨叽了。
>  
> 这个漏洞你们还感谢360吗?不是我不配合,3个月的沟通,不给POC就关闭这个漏洞的修补。顺便问一声,那几个漏洞修补还要花几个月呀?
>  
>  
> From: yuange1975@...mail.com
> To: full-disclosure@...ts.grok.org.uk
> Subject: 0day IE9/10 information disclosure vulnerability
> Date: Mon, 29 Jul 2013 07:22:18 +0000
> 
> 
> #0day IE9/10 information disclosure vulnerability http://t.cn/zQJYHgA  .Technical challenge how to write exploit code?
> 
> 漏洞报告已经说得很明白,指出问题代码,怎么定位代码。鉴于微软一次次的纠缠于需要提供POC,那就让大家来写POC吧,写好记得发一份给微软。 :)
> 
> https://twitter.com/yuange75  我的观点:
> 
> #antiNSA 现在APT的大环境下,POC代码、EXP利用技术都是宝贵资源,不想因为中间环节被控制或者SNIFFER而丢失这些宝贵资源,现在坚定报告漏洞不提供POC和EXP,除非有偿的漏洞报告。反汇编指出问题代码点,对于漏洞修补已经提供了足够的重要信息了,要想POC自己分析。
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


Download attachment "PGP.sig" of type "application/pgp-signature" (842 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ