Open Source and information security mailing list archives
From: m0rtis at (Mortis)
Subject: Full Disclosure Awards

Good morning Ladies and Gentlemen,

I'm glad you could come to the semi-weekly Full Disclosure
Award Ceremony.  It's been an exciting week and the judges
are having a hard time making their decision.  You decide...

We have three contenders for the "No Sh*t, Sherlock" award
this week:

a) Ben Moeckel ( for his
lovely copyrighted write-up letting us all know "When
webbrowsers parse html they remove special chars, this
behavior may be used by an malicious user to fool
script/html-filters in webapplications".  We never thought
of that, Ben.  Got any more tricks up your sleeve?

b) Richard M. Smith ( for letting
us know he found a way to deliver a file to a program that
is made to read files.  And has no known vulnerabilities.
On one operating system and browser.  Thanks, Dick, we
needed something like that!  It operates as designed...
let's call the press.

c) gyrniff ( for the brilliant
observation that recent MS operating systems talk to MS on
the internet by default.  If MS hadn't said so and we hadn't
read about it in the press about 6 years ago, we might act

We have FOUR contenders for the "I would just like to
announce that I am a moron" award.  Yes, you heard me.
Four.  Sometimes you have to wait months for gems like
these, folks, but not on FD:

a) Kyp Durron ( for forwarding us the
headers from his message that may or may not have been from
Microsoft.  Like it was somehow more special than the other
800 spams we got over the weekend.  Slap yourself with the
clue stick, Kyp.  Most of us get the same spam in our own
mailboxes.  All the time.  Can you imagine that?  Richard
researches this topic.  He may be interested in the extra

b) Kaveh Mofidi ( for the "Recycle
Bin Unavailability of Service".  He just called to let us
know that he found a harmless minor bug in the Microsoft GUI
that has no bearing on security whatsoever.  But it made you
look, didn't it!  Thanks, man.  Please send the $4,238 worth
of people's time that you wasted to a good charity.  Oh,
wait, don't bother.  Anyone who wasted their time deserved

c) Harshul Nayak ( for observing back
to the list the exact information that the original poster
did.  And for making it sound like he was contradicting
them.  Come to think about it, maybe this one should come
off the list.  I think he was making a funny.

d) Justin Shin ( just for being
him.  Quotes o' the week: "This probably sounds like a
really stuuuuuuupid question ... When I ran ... exploit ...
tried to create a share ... connect to share, I am forced to
login as Guest ...  Is it just me or is it something else??"
***** It's just you. ***** "Because, I have so much time
that I can waste being a 1337h4x0r and screwing around with
other people's computer" ***** We thought this might be the
case. ***** "Sounds like it was poorly written" ***** based
on the size of an executable: good analysis! ***** "I have
observed this on one of my client's computers as well" *****
Please tell us UR kidding *****

I suppose we need to give away two awards for good posts.
Thanks, boyz.

a) [SEC-LABS TEAM]: ( For their
Win32 Device Drivers Communication Vulnerabilities + PoC for
Symantec Norton AntiVirus '2002 (probably all versions)
Device Driver.  Sweet.

b) dong-h0un U [] for the nicely coded
wu-ftpd-2.6.2 off-by-one remote exploit.  You the man,

I need to send a special note to morning_wood, too, for his
special treasure "HTML FORMATED MAIL ( ie - oe - html )
bgsound local file - ding?".

Picture this.  Picture Mortis sitting at computer in
bedroom.  Picture alarm clock, 3:43 am.  Picture Lady Death
sleeping in bed near computer.  Picture nice computer with
good sound card and Dolby 5.1 surround sound.  Picture
Mortis clicking on email to see what ding ding about.

You s*ck, morning_wood.  I hate you.  Lady Death is p*ssed.
No s3x.  I will get you for this.  I usually like funny, but
not this time.

I'm dead,
P.S. Greets to Brent who is crabbier than Mortis.
