Open Source and information security mailing list archives
From: martin at (Martin Ekendahl)
Subject: Full Disclosure Awards

hahaha, I hope you will keep this "weekly award" thing up, it's a nice refreshing change from the usual tone of the list.

On Tue, 5 Aug 2003 08:15:08 -0400
"Mortis" <> wrote:

> Good morning Ladies and Gentlemen,
> I'm glad you could come to the semi-weekly Full Disclosure
> Award Ceremony.  It's been an exciting week and the judges
> are having a hard time making their decision.  You decide...
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> We have three contenders for the "No Sh*t, Sherlock" award
> this week:
> a) Ben Moeckel ( for his
> lovely copyrighted write-up letting us all know "When
> webbrowsers parse html they remove special chars, this
> behavior may be used by an malicious user to fool
> script/html-filters in webapplications".  We never thought
> of that, Ben.  Got any more tricks up your sleeve?
> b) Richard M. Smith ( for letting
> us know he found a way to deliver a file to a program that
> is made to read files.  And has no known vulnerabilities.
> On one operating system and browser.  Thanks, Dick, we
> needed something like that!  It operates as designed...
> let's call the press.
> c) gyrniff ( for the brilliant
> observation that recent MS operating systems talk to MS on
> the internet by default.  If MS hadn't said so and we hadn't
> read about it in the press about 6 years ago, we might act
> surprised.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> We have FOUR contenders for the "I would just like to
> announce that I am a moron" award.  Yes, you heard me.
> Four.  Sometimes you have to wait months for gems like
> these, folks, but not on FD:
> a) Kyp Durron ( for forwarding us the
> headers from his message that may or may not have been from
> Microsoft.  Like it was somehow more special than the other
> 800 spams we got over the weekend.  Slap yourself with the
> clue stick, Kyp.  Most of us get the same spam in our own
> mailboxes.  All the time.  Can you imagine that?  Richard
> researches this topic.  He may be interested in the extra
> copies.
> b) Kaveh Mofidi ( for the "Recycle
> Bin Unavailability of Service".  He just called to let us
> know that he found a harmless minor bug in the Microsoft GUI
> that has no bearing on security whatsoever.  But it made you
> look, didn't it!  Thanks, man.  Please send the $4,238 worth
> of people's time that you wasted to a good charity.  Oh,
> wait, don't bother.  Anyone who wasted their time deserved
> it.
> c) Harshul Nayak ( for observing back
> to the list the exact information that the original poster
> did.  And for making it sound like he was contradicting
> them.  Come to think about it, maybe this one should come
> off the list.  I think he was making a funny.
> d) Justin Shin ( just for being
> him.  Quotes o' the week: "This probably sounds like a
> really stuuuuuuupid question ... When I ran ... exploit ...
> tried to create a share ... connect to share, I am forced to
> login as Guest ...  Is it just me or is it something else??"
> ***** It's just you. ***** "Because, I have so much time
> that I can waste being a 1337h4x0r and screwing around with
> other people's computer" ***** We thought this might be the
> case. ***** "Sounds like it was poorly written" ***** based
> on the size of an executable: good analysis! ***** "I have
> observed this on one of my client's computers as well" *****
> Please tell us UR kidding *****
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> I suppose we need to give away two awards for good posts.
> Thanks, boyz.
> a) [SEC-LABS TEAM]: ( For their
> Win32 Device Drivers Communication Vulnerabilities + PoC for
> Symantec Norton AntiVirus '2002 (probably all versions)
> Device Driver.  Sweet.
> b) dong-h0un U [] for the nicely coded
> wu-ftpd-2.6.2 off-by-one remote exploit.  You the man,
> noon_dong.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> I need to send a special note to morning_wood, too, for his
> special treasure "HTML FORMATED MAIL ( ie - oe - html )
> bgsound local file - ding?".
> Picture this.  Picture Mortis sitting at computer in
> bedroom.  Picture alarm clock, 3:43 am.  Picture Lady Death
> sleeping in bed near computer.  Picture nice computer with
> good sound card and Dolby 5.1 surround sound.  Picture
> Mortis clicking on email to see what ding ding about.
> You s*ck, morning_wood.  I hate you.  Lady Death is p*ssed.
> No s3x.  I will get you for this.  I usually like funny, but
> not this time.
> --
> I'm dead,
> m0rtis
> P.S. Greets to Brent who is crabbier than Mortis.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:

"To avoid all evil, to cultivate good, 
and to cleanse one's mind  
this is the teaching of the Buddhas."

Martin Ekendahl
