lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3FB349F6.9080106@egotistical.reprehensible.net>
From: ge at egotistical.reprehensible.net (Gadi Evron)
Subject: new worm - "warm-pussy.jpg".

segfault wrote:

> You idiot.  Just because a file is called warm-pussy.jpg, doesn't mean that
> the webserver it resides on isn't going to parse it's actual content (which
> is probably plaintext).  Look again, I'm sure you'll be surprised.
> 

HTML _is_ plain-text.
Just because the server sends it as plain text doesn't mean the browser 
won't execute it.

It does.

This *is* a Trojan horse.

Do you have anything real to contribute or are you just going to call a 
guy that raised the alarm of a _possible_ new dangerous Trojan hourse names?
-- 
       Gadi Evron (i.e. ge),
       ge@...uxbox.org.

The Trojan Horses Research mailing list - http://ecompute.org/th-list

My resume (Hebrew) - http://vapid.reprehensible.net/~ge/resume.rtf

PGP key for ge@...uxbox.org -
http://vapid.reprehensible.net/~ge/Gadi_Evron.asc
Note: this key is used mainly for files and attachments, I sign email 
messages using:
http://vapid.reprehensible.net/~ge/Gadi_Evron_sign.asc

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ