From: gobbles at hush.com (gobbles@...h.com)
Subject: XP security hole uplddrvinfo.htm

fuck you 2.

mindless consultant rely on charlatan look dumb fuck
gibson suck nothing but shit covered dick
Paul Tinsley get gibson left over
must taste good
here is invoice
i look smart
hire again
mom is proud

>You people amaze me.... you are too busy proving that each other suck to
>just get the word out on exploits.  You should note that I never claimed
>who discovered it, I honestly don't care.  I know personally I would
>prefer if political agendas or conspiracy theories stay off the list.
>Point is, systems are insecure, get the word out.  Pat on the back for
>whoever did discover it...
>
> So revised version of original message: 
>I haven't seen much if any coverage of a rather nasty exploit in Windows
>XP that was discovered by what I believe was a human on earth.  If you
>would like to keep your XP boxes from being vulnerable to this exploit
>which happens to delete whatever a properly formed link requests, delete
>%windir%\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm
>
>Thank you to Thor for posting more accurate information in reply to my
>message....
>Shane Hird discovered it.
>You can see his post here:
>
>http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00224.html
>
>And you can try a proof-of-concept here:
>
>http://jscript.dk/2002/8/sec/xphelpdelete.html
>
>And you can see all of the 20 publicly known unpatched vulnerabilities
>in Internet Explorer here:
>
>http://www.pivx.com/larholm/unpatched/
>
>
>-----Original Message-----
>From: gobbles@...h.com [mailto:gobbles@...h.com] 
>Sent: Tuesday, September 10, 2002 2:36 PM
>Subject: Re: [Full-Disclosure] XP security hole uplddrvinfo.htm
>
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Steve Gibson=FUD charlatan   www.grcsucks.com
>
>>Sorry if this has already been posted but I was made aware of a rather
>>ugly security hole in Windows XP.
>>
>
>FUD FUD FUD
>
>>This vulnerability allows the files contained in any specified directory
>>on your system to be deleted if you click on a specially formed URL.
>>This URL could appear anywhere: sent in malicious eMail, in a chat room,
>>in a newsgroup posting, on a malicious web page, or even executed when
>
>Georgi Guninski discovered this long time ago.  Major vulnerability also
>exist if user type format command wrong.
>
>Gibson no skills not discover this.
>
>>your computer merely visits a malicious web page. It is likely to be
>>widely exploited soon.
>
>Widely exploited soon?  Gibson planning something?
>
>bullshit bullshit bullshit
>
>
>>This vulnerability is so dangerous that it would be irresponsible for me
>>to say more. Microsoft has known of this problem for months and
>
>FUD FUD FUD bullshit bullshit bullshit.  Gibson is marketing.  General
>terms high level bullshit mean more consultant dollars.
>
>> has,
>>inexplicably, done nothing before now. Although XP's Service Pack 1 is
>>not small (approx 30 MB for express installation or 140 MB for the
>>network install), and even though a much quicker and easier solution to
>>this problem exists, the only thing I can safely recommend (without
>>revealing too much) is to urge all XP users to somehow obtain and
>>install Service Pack 1 immediately. (If you have a slow Internet
>>connection, perhaps a friend can download the executable Service Pack
>>file and burn it onto a CD for you?)
>
>More fud fud fud bullshit bullshit bullshit.  Problem fixed with hotfix
>not sp1.  Gibson very dumb.
>
>>This problem does not affect any systems other than Windows XP. If you
>>have any friends or co-workers running Windows XP, please urge them to
>>update their systems too. Once the details of this vulnerability have
>>leaked through other channels I will provide additional information.
>
>Gibson planning leak?  Tell friends that Gibson great security guy and
>pay to consult.  bullshit bullshit bullshit FUD FUD FUD
>
>>there is an alternative. There's a file you can rename or delete to fix
>>the security hole. Here are the steps:
>>
>>Perform a search for a file on your C drive called "uplddrvinfo.htm."
>>Once you've found the file, delete it or rename it. Doing so will not
>>hinder your ability to use Windows XP.
>
>bullshit bullshit bullshit.
>
>Does not fix problem.  Gibson is dumb.
>
>-----BEGIN PGP SIGNATURE-----
>Version: Hush 2.1
>Note: This signature can be verified at https://www.hushtools.com
>
>wlgEARECABgFAj1+RfMRHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56siiwC
>gkCxM
>SwzADNeDmHjVlFWgxDpK9yoAn3sN5Hqhxdyn9xOAFsdmtRYDN3Vd
>=Ok0V
>-----END PGP SIGNATURE-----
>
>
>
>
>Get your free encrypted email at https://www.hushmail.com
>
