Message-ID: <20030805135835.7abdd906.martin@hardlined.com>
From: martin at hardlined.com (Martin Ekendahl)
Subject: Full Disclosure Awards
hahaha, I hope you will keep this "weekly award" thing up, it's a nice refreshing change from the usual tone of the list.
On Tue, 5 Aug 2003 08:15:08 -0400
"Mortis" <m0rtis@...lphia.net> wrote:
> Good morning Ladies and Gentlemen,
>
> I'm glad you could come to the semi-weekly Full Disclosure
> Award Ceremony. It's been an exciting week and the judges
> are having a hard time making their decision. You decide...
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> We have three contenders for the "No Sh*t, Sherlock" award
> this week:
>
> a) Ben Moeckel (ben.moeckel@...webmasters.net) for his
> lovely copyrighted write-up letting us all know "When
> webbrowsers parse html they remove special chars, this
> behavior may be used by an malicious user to fool
> script/html-filters in webapplications". We never thought
> of that, Ben. Got any more tricks up your sleeve?
>
> b) Richard M. Smith (rms@...puterbytesman.com) for letting
> us know he found a way to deliver a file to a program that
> is made to read files. And has no known vulnerabilities.
> On one operating system and browser. Thanks, Dick, we
> needed something like that! It operates as designed...
> let's call the press.
>
> c) gyrniff (b240503@...niff.dk) for the brilliant
> observation that recent MS operating systems talk to MS on
> the internet by default. If MS hadn't said so and we hadn't
> read about it in the press about 6 years ago, we might act
> surprised.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> We have FOUR contenders for the "I would just like to
> announce that I am a moron" award. Yes, you heard me.
> Four. Sometimes you have to wait months for gems like
> these, folks, but not on FD:
>
> a) Kyp Durron (kdurron@...mail.com) for forwarding us the
> headers from his message that may or may not have been from
> Microsoft. Like it was somehow more special than the other
> 800 spams we got over the weekend. Slap yourself with the
> clue stick, Kyp. Most of us get the same spam in our own
> mailboxes. All the time. Can you imagine that? Richard
> researches this topic. He may be interested in the extra
> copies.
>
> b) Kaveh Mofidi (admin@...uretarget.net) for the "Recycle
> Bin Unavailability of Service". He just called to let us
> know that he found a harmless minor bug in the Microsoft GUI
> that has no bearing on security whatsoever. But it made you
> look, didn't it! Thanks, man. Please send the $4,238 worth
> of people's time that you wasted to a good charity. Oh,
> wait, don't bother. Anyone who wasted their time deserved
> it.
>
> c) Harshul Nayak (harshul@...catraz.com) for observing back
> to the list the exact information that the original poster
> did. And for making it sound like he was contradicting
> them. Come to think about it, maybe this one should come
> off the list. I think he was making a funny.
>
> d) Justin Shin (zorkshin@...pabay.rr.com) just for being
> him. Quotes o' the week: "This probably sounds like a
> really stuuuuuuupid question ... When I ran ... exploit ...
> tried to create a share ... connect to share, I am forced to
> login as Guest ... Is it just me or is it something else??"
> ***** It's just you. ***** "Because, I have so much time
> that I can waste being a 1337h4x0r and screwing around with
> other people's computer" ***** We thought this might be the
> case. ***** "Sounds like it was poorly written" ***** based
> on the size of an executable: good analysis! ***** "I have
> observed this on one of my client's computers as well" *****
> Please tell us UR kidding *****
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> I suppose we need to give away two awards for good posts.
> Thanks, boyz.
>
> a) [SEC-LABS TEAM]: (noreply@...-labs.hack.pl) For their
> Win32 Device Drivers Communication Vulnerabilities + PoC for
> Symantec Norton AntiVirus '2002 (probably all versions)
> Device Driver. Sweet.
>
> b) dong-h0un U [xploit@...kermail.com] for the nicely coded
> wu-ftpd-2.6.2 off-by-one remote exploit. You the man,
> noon_dong.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> I need to send a special note to morning_wood, too, for his
> special treasure "HTML FORMATED MAIL ( ie - oe - html )
> bgsound local file - ding?".
>
> Picture this. Picture Mortis sitting at computer in
> bedroom. Picture alarm clock, 3:43 am. Picture Lady Death
> sleeping in bed near computer. Picture nice computer with
> good sound card and Dolby 5.1 surround sound. Picture
> Mortis clicking on email to see what ding ding about.
> Picture DING! DING! DING! DING! DING! DING!...
>
> You s*ck, morning_wood. I hate you. Lady Death is p*ssed.
> No s3x. I will get you for this. I usually like funny, but
> not this time.
> --
> I'm dead,
> m0rtis
> P.S. Greets to Brent who is crabbier than Mortis.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
/*
"To avoid all evil, to cultivate good,
and to cleanse one's mind
this is the teaching of the Buddhas."
Martin Ekendahl
http://www.hardlined.com
martin@...dlined.com
*/