Date: Tue, 11 Jan 2005 20:01:00 -0800
From: Andrew Farmer <andfarm@...novis.com>
To: "Team Pwnge" <team_pwn4ge@...gun.com>
Cc: vulnwatch@...nwatch.org, bugtraq@...urityfocus.com,
        full-disclosure@...ts.netsys.com
Subject: Re: MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER

On 11 Jan 2005, at 14:52, Team Pwnge wrote:
							   ^^^^^

Nice start: you can't even spell your own name correctly.

<snip... blah, blah, blah>


> Description
> ===========
>
> Shogun Suzuki discovered that a remote user can connect to any
> machine via numerous exploits and use Windows Explorer to view files,
> rename files, delete files, change permissions on files stored on a
> remote machine that has been pwned.

Pray tell. An important element of disclosure is to actually disclose
something. This, however, depends on there actually being something
worth disclosing.


> Impact
> ======
>
> A remote attacker could install something similar to PCAnywhere
> after exploiting Windows and use Windows' Explorer to view, copy
> and or open any file on a victims machine.

... or, "after exploiting Windows", an attacker could just "view,
copy, and or open any file on a victims[sic] machine" without
Explorer's help.


> Concerns?
> =========
>
> Security is a primary focus of TEAM PWN4GE ...

Er... right.


> ... and ensuring the
> progress of secure Windows machines be our dreams.

And grammar be you lacking.

Oh, wait. You probably haven't gotten to that in school yet. Never
mind.


> ... As security
> concerns should be addressed to respective vendors, ...

Reasonable enough, I suppose...


> ... we feel the urge to bypass standards ...

Um... yeah. "We think that $X is good, so we aren't going to do it."


> ... and bring our common dreams of a secure homeland to the Interweb.

*SPLUTTER*


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
