Message-ID: <200209102205.g8AM5Re45185@mailserver2.hushmail.com>
From: gobbles at hush.com (gobbles@...h.com)
Subject: XP security hole uplddrvinfo.htm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Green is tasty color
even more tasty
administrator on phyve.com

>Did you eat paint chips as a child?
>-----Original Message-----
>From: gobbles@...h.com [mailto:gobbles@...h.com]
>Sent: Tuesday, September 10, 2002 4:23 PM
>To: full-disclosure@...ts.netsys.com
>Cc: full-disclosure@...ts.netsys.com
>Subject: RE: [Full-Disclosure] XP security hole uplddrvinfo.htm
>
>
>
>fuck you 2.
>
>mindless consultant rely on charlatan look dumb fuck
>gibson suck nothing but shit covered dick
>Paul Tinsley get gibson left over
>must taste good
>here is invoice
>i look smart
>hire again
>mom is proud
>
>>You people amaze me.... you are too busy proving that each other suck to
>>just get the word out on exploits.  You should note that I never claimed
>>who discovered it, I honestly don't care.  I know personally I would
>>prefer if political agendas or conspiracy theories stay off the list.
>>Point is, systems are insecure, get the word out.  Pat on the back for
>>whoever did discover it...
>>
>> So revised version of original message:
>>I haven't seen much if any coverage of a rather nasty exploit in Windows
>>XP that was discovered by what I believe was a human on earth.  If you
>>would like to keep your XP boxes from being vulnerable to this exploit
>>which happens to delete whatever a properly formed link requests, delete
>>%windir%\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm
>>
>>Thank you to Thor for posting more accurate information in reply to my
>>message....
>>Shane Hird discovered it.
>>You can see his post here:
>>
>>http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00224.html
>>
>>And you can try a proof-of-concept here:
>>
>>http://jscript.dk/2002/8/sec/xphelpdelete.html
>>
>>And you can see all of the 20 publicly known unpatched vulnerabilities
>>in Internet Explorer here:
>>
>>http://www.pivx.com/larholm/unpatched/
>>
>>
>>-----Original Message-----
>>From: gobbles@...h.com [mailto:gobbles@...h.com]
>>Sent: Tuesday, September 10, 2002 2:36 PM
>>Subject: Re: [Full-Disclosure] XP security hole uplddrvinfo.htm
>>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Steve Gibson=FUD charlatan   www.grcsucks.com
>>
>>>Sorry if this has already been posted but I was made aware of a rather
>>>ugly security hole in Windows XP.
>>>
>>
>>FUD FUD FUD
>>
>>>This vulnerability allows the files contained in any specified directory
>>>on your system to be deleted if you click on a specially formed URL.
>>>This URL could appear anywhere: sent in malicious eMail, in a chat room,
>>>in a newsgroup posting, on a malicious web page, or even executed when
>>
>>Georgi Guninski discovered this long time ago.  Major vulnerability also
>>exist if user type format command wrong.
>>
>>Gibson no skills not discover this.
>>
>>>your computer merely visits a malicious web page. It is likely to be
>>>widely exploited soon.
>>
>>Widely exploited soon?  Gibson planning something?
>>
>>bullshit bullshit bullshit
>>
>>
>>>This vulnerability is so dangerous that it would be irresponsible for me
>>>to say more. Microsoft has known of this problem for months and
>>
>>FUD FUD FUD bullshit bullshit bullshit.  Gibson is marketing.  General
>>terms high level bullshit mean more consultant dollars.
>>
>>> has,
>>>inexplicably, done nothing before now. Although XP's Service Pack 1 is
>>>not small (approx 30 MB for express installation or 140 MB for the
>>>network install), and even though a much quicker and easier solution to
>>>this problem exists, the only thing I can safely recommend (without
>>>revealing too much) is to urge all XP users to somehow obtain and
>>>install Service Pack 1 immediately. (If you have a slow Internet
>>>connection, perhaps a friend can download the executable Service Pack
>>>file and burn it onto a CD for you?)
>>
>>More fud fud fud bullshit bullshit bullshit.  Problem fixed with hotfix
>>not sp1.  Gibson very dumb.
>>
>>>This problem does not affect any systems other than Windows XP. If you
>>>have any friends or co-workers running Windows XP, please urge them to
>>>update their systems too. Once the details of this vulnerability have
>>>leaked through other channels I will provide additional information.
>>
>>Gibson planning leak?  Tell friends that Gibson great security guy and
>>pay to consult.  bullshit bullshit bullshit FUD FUD FUD
>>
>>>there is an alternative. There's a file you can rename or delete to fix
>>>the security hole. Here are the steps:
>>>
>>>Perform a search for a file on your C drive called "uplddrvinfo.htm."
>>>Once you've found the file, delete it or rename it. Doing so will not
>>>hinder your ability to use Windows XP.
>>
>>bullshit bullshit bullshit.
>>
>>Does not fix problem.  Gibson is dumb.
>>
>>-----BEGIN PGP SIGNATURE-----
>>Version: Hush 2.1
>>Note: This signature can be verified at https://www.hushtools.com
>>
>>wlgEARECABgFAj1+RfMRHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56siiwCgkCxM
>>SwzADNeDmHjVlFWgxDpK9yoAn3sN5Hqhxdyn9xOAFsdmtRYDN3Vd
>>=Ok0V
>>-----END PGP SIGNATURE-----
>>
>>
>>Get your free encrypted email at https://www.hushmail.com
>>
>

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlgEARECABgFAj1+aQURHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56tA2gCeI0xZ
TKAPHWgdvu7BcDjENEaZ3ToAoI/eO64ofr03i/2ZnSkK9GjHeYZU
=yN5Q
-----END PGP SIGNATURE-----



