| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: gobbles at hush.com (gobbles@...h.com) Subject: XP security hole uplddrvinfo.htm -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Green is tasty color even more tasty administrator on phyve.com >Did you eat paint chips as a child? >-----Original Message----- >From: gobbles@...h.com [mailto:gobbles@...h.com] >Sent: Tuesday, September 10, 2002 4:23 PM >To: full-disclosure@...ts.netsys.com >Cc: full-disclosure@...ts.netsys.com >Subject: RE: [Full-Disclosure] XP security hole uplddrvinfo.htm > > > >fuck you 2. > >mindless consultant rely on charletan look dumb fuck >gibson suck nothing but shit covered dick >Paul Tinsley get gibson left over >must taste good >here is invoice >i look smart >hire again >mom is proud > >>You people amaze me.... you are too busy proving that each oth >e >>r suck to >>just get the word out on exploits. You should note that I nev >e >>r claimed >>who discovered it, I honestly don't care. I know personally I > >>would >>prefer if political agendas or conspiracy theories stay off th >e >> list. >>Point is, systems are insecure, get the word out. Pat on the >b >>ack for >>whoever did discover it... >> >> So revised version of original message: >>I haven't seen much if any coverage of a rather nasty exploit >i >>n Windows >>XP that was discovered by what I believe was a human on earth. > >> If you >>would like to keep your XP boxes from being venerable to this >e >>xploit >>which happens to delete whatever a properly formed link reques >t >>s, delete >>%windir%\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm >> >>Thank you to Thor for posting more accurate information in rep >l >>y to my >>message.... >>Shane Hird discovered it. >>You can see his post here: >> >>http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00224. >h >>tml >> >>And you can try a proof-of-concept here: >> >>http://jscript.dk/2002/8/sec/xphelpdelete.html >> >>And you can see all of the 20 publicly known unpatched vulnera >b >>ilities >>in Internet Explorer here: >> >>http://www.pivx.com/larholm/unpatched/ >> >> >>-----Original Message----- >>From: gobbles@...h.com [mailto:gobbles@...h.com] >>Sent: Tuesday, September 10, 2002 2:36 PM >>Subject: Re: [Full-Disclosure] XP security hole uplddrvinfo.ht >m >> >> >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>Steve Gibson=FUD charlaten www.grcsucks.com >> >>>Sorry if this has already been posted but I was made aware of > >>a >>> rather >>>ugly security hole in Windows XP. >>> >> >>FUD FUD FUD >> >>>This vulnerability allows the files contained in any specifie >d >> >>>directory >>>on your system to be deleted if you click on a specially form >e >>d >>> URL. >>>This URL could appear anywhere: sent in malicious eMail, in a > >>c >>>hat room, >>>in a newsgroup posting, on a malicious web page, or even exec >u >>t >>>ed when >> >>Geogie Guninski discovered this long time ago. Major vulnerab >i >>lity also >>exist if user type format command wrong. >> >>Gibson no skills not discover this. >> >>>your computer merely visits a malicious web page. It is likel >y >> >>>to be >>>widely exploited soon. >> >>Widely exploited soon? Gibson planning something? >> >>bullshit bullshit bullshit >> >> >>>This vulnerability is so dangerous that it would be irrespons >i >>b >>>le for me >>>to say more. Microsoft has known of this problem for months a >n >>d >> >>FUD FUD FUD bullshit bullshit bullshit. Gibson is marketing. > >>General >>terms high level bullshit mean more consultant dollars. >> >>> has, >>>inexplicably, done nothing before now. Although XP's Service >P >>a >>>ck 1 is >>>not small (approx 30 MB for express installation or 140 MB fo >r >> >>>the >>>network install), and even though a much quicker and easier s >o >>l >>>ution to >>>this problem exists, the only thing I can safely recommend (w >i >>t >>>hout >>>revealing too much) is to urge all XP users to somehow obtain > >>a >>>nd >>>install Service Pack 1 immediately. (If you have a slow Inter >n >>e >>>t >>>connection, perhaps a friend can download the executable Serv >i >>c >>>e Pack >>>file and burn it onto a CD for you?) >> >>More fud fud fud bullshit bullshit bullshit. Problem fixed wi >t >>h hotfix >>not sp1. Gibson very dumb. >> >>>This problem does not affect any systems other than Windows X >P >>. >>> If you >>>have any friends or co-workers running Windows XP, please urg >e >> >>>them to >>>update their systems' too. Once the details of this vulnerabi >l >>i >>>ty have >>>leaked through other channels I will provide additional infor >m >>a >>>tion. >> >>Gibson planning leak? Tell friends that Gibson great security > >>guy and >>pay to consult. bullshit bullshit bullshit FUD FUD FUD >> >>>there is an alternative. There's a file you can rename or del >e >>t >>>e to fix >>>the security hole. Here are the steps: >>> >>>Perform a search for a file on your C drive called "uplddrvin >f >>o >>>.htm." >>>Once you've found the file, delete it or rename it. Doing so >w >>i >>>ll not >>>hinder your ability to use Windows XP. >> >>bullshit bullshit bullshit. >> >>Does not fix problem. Gibson is dumb. >> >>-----BEGIN PGP SIGNATURE----- >>Version: Hush 2.1 >>Note: This signature can be verified at https://www.hushtools. >c >>om >> >>wlgEARECABgFAj1+RfMRHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56siiw >C >>gkCxM >>SwzADNeDmHjVlFWgxDpK9yoAn3sN5Hqhxdyn9xOAFsdmtRYDN3Vd >>=Ok0V >>-----END PGP SIGNATURE----- >> >> >> >> >>Get your free encrypted email at https://www.hushmail.com >> > >>You people amaze me.... you are too busy proving that each oth >e >>r suck to >>just get the word out on exploits. You should note that I nev >e >>r claimed >>who discovered it, I honestly don't care. I know personally I > >>would >>prefer if political agendas or conspiracy theories stay off th >e >> list. >>Point is, systems are insecure, get the word out. Pat on the >b >>ack for >>whoever did discover it... >> >> So revised version of original message: >>I haven't seen much if any coverage of a rather nasty exploit >i >>n Windows >>XP that was discovered by what I believe was a human on earth. > >> If you >>would like to keep your XP boxes from being venerable to this >e >>xploit >>which happens to delete whatever a properly formed link reques >t >>s, delete >>%windir%\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm >> >>Thank you to Thor for posting more accurate information in rep >l >>y to my >>message.... >>Shane Hird discovered it. >>You can see his post here: >> >>http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00224. >h >>tml >> >>And you can try a proof-of-concept here: >> >>http://jscript.dk/2002/8/sec/xphelpdelete.html >> >>And you can see all of the 20 publicly known unpatched vulnera >b >>ilities >>in Internet Explorer here: >> >>http://www.pivx.com/larholm/unpatched/ >> >> >>-----Original Message----- >>From: gobbles@...h.com [mailto:gobbles@...h.com] >>Sent: Tuesday, September 10, 2002 2:36 PM >>Subject: Re: [Full-Disclosure] XP security hole uplddrvinfo.ht >m >> >> >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>Steve Gibson=FUD charlaten www.grcsucks.com >> >>>Sorry if this has already been posted but I was made aware of > >>a >>> rather >>>ugly security hole in Windows XP. >>> >> >>FUD FUD FUD >> >>>This vulnerability allows the files contained in any specifie >d >> >>>directory >>>on your system to be deleted if you click on a specially form >e >>d >>> URL. >>>This URL could appear anywhere: sent in malicious eMail, in a > >>c >>>hat room, >>>in a newsgroup posting, on a malicious web page, or even exec >u >>t >>>ed when >> >>Geogie Guninski discovered this long time ago. Major vulnerab >i >>lity also >>exist if user type format command wrong. >> >>Gibson no skills not discover this. >> >>>your computer merely visits a malicious web page. It is likel >y >> >>>to be >>>widely exploited soon. >> >>Widely exploited soon? Gibson planning something? >> >>bullshit bullshit bullshit >> >> >>>This vulnerability is so dangerous that it would be irrespons >i >>b >>>le for me >>>to say more. Microsoft has known of this problem for months a >n >>d >> >>FUD FUD FUD bullshit bullshit bullshit. Gibson is marketing. > >>General >>terms high level bullshit mean more consultant dollars. >> >>> has, >>>inexplicably, done nothing before now. Although XP's Service >P >>a >>>ck 1 is >>>not small (approx 30 MB for express installation or 140 MB fo >r >> >>>the >>>network install), and even though a much quicker and easier s >o >>l >>>ution to >>>this problem exists, the only thing I can safely recommend (w >i >>t >>>hout >>>revealing too much) is to urge all XP users to somehow obtain > >>a >>>nd >>>install Service Pack 1 immediately. (If you have a slow Inter >n >>e >>>t >>>connection, perhaps a friend can download the executable Serv >i >>c >>>e Pack >>>file and burn it onto a CD for you?) >> >>More fud fud fud bullshit bullshit bullshit. Problem fixed wi >t >>h hotfix >>not sp1. Gibson very dumb. >> >>>This problem does not affect any systems other than Windows X >P >>. >>> If you >>>have any friends or co-workers running Windows XP, please urg >e >> >>>them to >>>update their systems' too. Once the details of this vulnerabi >l >>i >>>ty have >>>leaked through other channels I will provide additional infor >m >>a >>>tion. >> >>Gibson planning leak? Tell friends that Gibson great security > >>guy and >>pay to consult. bullshit bullshit bullshit FUD FUD FUD >> >>>there is an alternative. There's a file you can rename or del >e >>t >>>e to fix >>>the security hole. Here are the steps: >>> >>>Perform a search for a file on your C drive called "uplddrvin >f >>o >>>.htm." >>>Once you've found the file, delete it or rename it. Doing so >w >>i >>>ll not >>>hinder your ability to use Windows XP. >> >>bullshit bullshit bullshit. >> >>Does not fix problem. Gibson is dumb. >> >>-----BEGIN PGP SIGNATURE----- >>Version: Hush 2.1 >>Note: This signature can be verified at https://www.hushtools. >c >>om >> >>wlgEARECABgFAj1+RfMRHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56siiw >C >>gkCxM >>SwzADNeDmHjVlFWgxDpK9yoAn3sN5Hqhxdyn9xOAFsdmtRYDN3Vd >>=Ok0V >>-----END PGP SIGNATURE----- >> >> >> >> >>Get your free encrypted email at https://www.hushmail.com >> > > > > >Get your free encrypted email at https://www.hushmail.com > -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wlgEARECABgFAj1+aQURHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56tA2gCeI0xZ TKAPHWgdvu7BcDjENEaZ3ToAoI/eO64ofr03i/2ZnSkK9GjHeYZU =yN5Q -----END PGP SIGNATURE----- Get your free encrypted email at https://www.hushmail.com
Powered by blists - more mailing lists