lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: harden at softhome.net (harden@...thome.net)
Subject: OpenSSL on Fire.

. Background 

For years now, the OpenSSL project has been developing strong, 
commercial-grade and, yes, full-featured toolkit implementing the Secure 
Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols in 
collaboration with many developers from all around the globe. 

. Problem Description 

Since not everyone are socially skilled and everyone need friends, some 
secret societies released prisonners that released stuff that helped some 
people to do some programming things that then became public to become 
friend with unknown people, see societies. 

. Workaround 

As many of you already thought, suicide can be a way out of this 
uncomfortable position. As I told many people, some of us does have social 
obligations and cannot afford to commit suicide. Using your imagination MAY 
lead to interesting answers. In case of frustration, use the attached 
semi-automatic rooter kit and hack as many servers as you can. Note that 
this will probably not give you root so you should use the NEW PTRACE 
exploit aviable from some whitehated polish persons at 
http://isec.pl/cliph/isec-ptrace-kmod-exploit.c to gain root on all these 
boxes. 

. Solution 

1. Be against the security industry.
2. Join the security industry.
3. Use openssl uzi to kill as many servers as you can. 

. More Details 

By publishing such a tool I expect the world to be a better place,
at least people can have an idea of the WORST.
The attached archive is distributed feely under some license or not.
Yes, I do have the right to do that. 

. Text 

I like to control my brain with my brain. 

  -Harden 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl-uzi.tar
Type: application/x-tar
Size: 92160 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030329/ef2623db/openssl-uzi.tar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ