From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Subject: April 1st is here (joy). now improved

I think this posting shows the far superior way Windows prevents
security issues like this. As the name says, it does not intend to allow
you open access to the garden (which becomes even more sophisticated
once TCPA is there...). 

With Windows, you obviously stay in-house and watch the carrots
through... right, a Window! So as you do not have physical access to
them, a root compromise is reliably prevented. I think this is also the
primary reason that ActiveX - by its very core design - does not require
a sandbox to be secure. Or have you ever seen a sandbox inside a house?

As you can see, openness has its disadvantages ;)

Rainer


> Well if we are into folly anyway :-)
> 
> FEAR!FEAR!FEAR!********!ADVISORY!***********FEAR!FEAR!FEAR!
> 
> Security Advisory No 0x454564af
> 
> We have discovered a serious security hole after OpenBSD 3.4 default 
> install!
> 
> After successful installation, we proceeded to the garden. There we 
> grabbed a carrot and pulled firmly. And whoa, instant root access! We 
> never thought it would be this easy. Really, these sorts of incidents 
> should be prevented.
> 
> Due to the very serious nature of this bug, we will not disclose PoC at 
> this time, esp because the root has already been consumed.
> 
> For details visit our homepage
> 
> http://www.iamanidiot.com/
> 
> ******************************************************
> 

