lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: dave at (Dave Aitel)
Subject: The new Microsoft math:  1 patch for 14 vulnerabilities,

Hash: SHA1

Geoincidents wrote:

|> Exactly the point of full disclosure.  If someone with a serious
|> axe to
| grind would have stumbled onto the ASN.1 flaw before the Eeye
| notice, it could have been an ELE* for MS and some major
| corporations.
|> Let's see, unpatched ASN.1 + Flash Worm = ?
| I think you seriously underestimate the hacking skills of eeye,
| there are very few who could turn the bugs they find into full blow
|  root level exploits.
| Geo.

That's retarded. Immunity is releasing a universal, repeatable, lsass
exploit in about 5 minutes to our CANVAS customers, for example, and
we're sure everyone else is done as well. For bonus credit we're
including a working ASN.1 exploit that owns IIS, Exchange, and
everything else...

Dave Aitel
Immunity, Inc. "Have your hacking skills
underestimated by random people on FD"

Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


Powered by blists - more mailing lists