lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 26 Dec 2004 19:45:54 -0500
From: Nancy Kramer <nekramer@...dtheater.net>
To: Thomas Sutpen <sutpen@...il.com>, "announce@...0.org" <announce@...0.org>
Cc: bugtraq@...urityfocus.com, dailydave@...unitysec.com,
        full-disclosure@...ts.netsys.com
Subject: Re: Shoe 1.0 - Remote Lace Overflow

The points on cowboy boots are also great for stepping on cockroaches in 
corners thereby helping one maintain a bug free environment.

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web


At 06:49 PM 12/25/2004, Thomas Sutpen wrote:

>On Wed, 22 Dec 2004 11:20:45 -0500, announce@...0.org <announce@...0.org> 
>wrote:
>[...]
> >  Vulnerable Sizes:
> >  -----------------
> >  6 through 13. Other sizes may be vulnerable, but were unavailable for 
> testing.
>
>Cursory note:  The guy with the size 13s must get all the chicks.  You
>know what they say ....
>
>[...]
>
> >  Fix:
> >  ----
> >  Do not wear untrusted shoes sent to you. Other possible workarounds 
> include
> >  sandals (aka. flip-flops). These are a good work-around and are widely
> >  available for those concerned about their security.
>
>Merrell also makes a "Jungle Moc" that is a mitigating factor to this
>vulnerability.  All shoes of similar "Moccasin" styles, as well as
>Cowboy Boots, also seem to be unaffected.  Cowboy Boots with spurs
>seem to add an additional layer of security, as well as cool points.
>
>Review of their website seems to indicate that they're going to be
>discontinuing the line, though.  So, with Boxing Day tommorrow, I'd
>recommend snapping up a few pairs as a cautionary posture against the
>possibility of future attacks.
>
>[...]
>
>TS
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
>
>---
>Incoming mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.822 / Virus Database: 560 - Release Date: 12/22/2004


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.822 / Virus Database: 560 - Release Date: 12/22/2004

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ