Open Source and information security mailing list archives
From: m0rtis at adelphia.net (Mortis)
Subject: Full Disclosure Awards

Good morning Ladies and Gentlemen,

I'm glad you could come to the semi-weekly Full Disclosure Award Ceremony. It's been an exciting week and the judges are having a hard time making their decision. You decide...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We have three contenders for the "No Sh*t, Sherlock" award this week:

a) Ben Moeckel (ben.moeckel@...webmasters.net) for his lovely copyrighted write-up letting us all know "When webbrowsers parse html they remove special chars, this behavior may be used by an malicious user to fool script/html-filters in webapplications". We never thought of that, Ben. Got any more tricks up your sleeve?

b) Richard M. Smith (rms@...puterbytesman.com) for letting us know he found a way to deliver a file to a program that is made to read files. And has no known vulnerabilities. On one operating system and browser. Thanks, Dick, we needed something like that! It operates as designed... let's call the press.

c) gyrniff (b240503@...niff.dk) for the brilliant observation that recent MS operating systems talk to MS on the internet by default. If MS hadn't said so and we hadn't read about it in the press about 6 years ago, we might act surprised.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We have FOUR contenders for the "I would just like to announce that I am a moron" award. Yes, you heard me. Four. Sometimes you have to wait months for gems like these, folks, but not on FD:

a) Kyp Durron (kdurron@...mail.com) for forwarding us the headers from his message that may or may not have been from Microsoft. Like it was somehow more special than the other 800 spams we got over the weekend. Slap yourself with the clue stick, Kyp. Most of us get the same spam in our own mailboxes. All the time. Can you imagine that? Richard researches this topic. He may be interested in the extra copies.

b) Kaveh Mofidi (admin@...uretarget.net) for the "Recycle Bin Unavailability of Service". He just called to let us know that he found a harmless minor bug in the Microsoft GUI that has no bearing on security whatsoever. But it made you look, didn't it! Thanks, man. Please send the $4,238 worth of people's time that you wasted to a good charity. Oh, wait, don't bother. Anyone who wasted their time deserved it.

c) Harshul Nayak (harshul@...catraz.com) for observing back to the list the exact information that the original poster did. And for making it sound like he was contradicting them. Come to think about it, maybe this one should come off the list. I think he was making a funny.

d) Justin Shin (zorkshin@...pabay.rr.com) just for being him. Quotes o' the week:

"This probably sounds like a really stuuuuuuupid question ... When I ran ... exploit ... tried to create a share ... connect to share, I am forced to login as Guest ... Is it just me or is it something else??"
***** It's just you. *****

"Because, I have so much time that I can waste being a 1337h4x0r and screwing around with other people's computer"
***** We thought this might be the case. *****

"Sounds like it was poorly written"
***** based on the size of an executable: good analysis! *****

"I have observed this on one of my client's computers as well"
***** Please tell us UR kidding *****

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I suppose we need to give away two awards for good posts. Thanks, boyz.

a) [SEC-LABS TEAM]: (noreply@...-labs.hack.pl) For their Win32 Device Drivers Communication Vulnerabilities + PoC for Symantec Norton AntiVirus '2002 (probably all versions) Device Driver. Sweet.

b) dong-h0un U [xploit@...kermail.com] for the nicely coded wu-ftpd-2.6.2 off-by-one remote exploit. You the man, noon_dong.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I need to send a special note to morning_wood, too, for his special treasure "HTML FORMATED MAIL ( ie - oe - html ) bgsound local file - ding?".

Picture this. Picture Mortis sitting at computer in bedroom. Picture alarm clock, 3:43 am. Picture Lady Death sleeping in bed near computer. Picture nice computer with good sound card and Dolby 5.1 surround sound. Picture Mortis clicking on email to see what ding ding about. Picture DING! DING! DING! DING! DING! DING!...

You s*ck, morning_wood. I hate you. Lady Death is p*ssed. No s3x. I will get you for this. I usually like funny, but not this time.

--
I'm dead,
m0rtis

P.S. Greets to Brent who is crabbier than Mortis.