lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20070920223753.383C32E021@mailserver5.hushmail.com>
Date: Thu, 20 Sep 2007 18:34:03 -0400
From: "Joey Mengele" <joey.mengele@...hmail.com>
To: <pdp.gnucitizen@...glemail.com>, <ge@...uxbox.org>
Cc: <full-disclosure@...ts.grok.org.uk>, <bugtraq@...urityfocus.com>
Subject: Re: [Full-disclosure] 0day: PDF pwns Windows

Dear Fatboy,

Let's put aside for a minute the fact that you have no idea what 
you are talking about and let's also, for the benefit of this very 
valuable debate, assume your definition is correct. First, please 
prove this bug was never used in the wild. After that, please prove 
your credibility in the realm of defining words related to illegal 
computer hacking. Thanks.

J

P.S. Talking about botnets doesn't count to satisfy part 1 OR part 2

___
"If today I stand here as a revolutionary, it is as a revolutionary 
against the Revolution." 


On Thu, 20 Sep 2007 11:29:22 -0400 Gadi Evron <ge@...uxbox.org> 
wrote:
>Impressive vulnerability, new. Not a 0day.
>
>Not to start an argument again, but fact is, people stop calling 
>everything a 0day unless it is, say WMF, ANI, etc. exploited in 
>the wild 
>without being known.
>
>I don't like the mis-use of this buzzword.
>
> 	Gadi.
>
>
>On Thu, 20 Sep 2007, pdp (architect) wrote:
>
>> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
>>
>> I am closing the season with the following HIGH Risk 
>vulnerability:
>> Adobe Acrobat/Reader PDF documents can be used to compromise 
>your
>> Windows box. Completely!!! Invisibly and unwillingly!!! All it 
>takes
>> is to open a PDF document or stumble across a page which embeds 
>one.
>>
>> The issue is quite critical given the fact that PDF documents 
>are in
>> the core of today's modern business. This and the fact that it 
>may
>> take a while for Adobe to fix their closed source product, are 
>the
>> reasons why I am not going to publish any POCs. You have to take 
>my
>> word for it. The POCs will be released when an update is 
>available.
>>
>> Adobe's representatives can contact me from the usual place. My 
>advise
>> for you is not to open any PDF files (locally or remotely). 
>Other PDF
>> viewers might be vulnerable too. The issues was verified on 
>Windows XP
>> SP2 with the latest Adobe Reader 8.1, although previous versions 
>and
>> other setups are also affected.
>>
>> A formal summary and conclusion of the GNUCITIZEN bug hunt to be 
>expected soon.
>>
>> cheers
>>
>> -- 
>> pdp (architect) | petko d. petkov
>> http://www.gnucitizen.org
>>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/

--
Click for free info on earning your associates degrees.
http://tagline.hushmail.com/fc/Ioyw6h4dDtGMI3TNpcvpjdNAOmIKYwGE2mXyuQX1wCzAkHpnY9xTtK/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ