lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200409261702.i8QH2Kl23676@netsys.com>
From: randallm at fidmail.com (RandallM)
Subject: RE: Full-Disclosure: JEPG Hype or Hope?

What exactly would one gain by creating a PoC on this exploit?
How exactly does this compare to meaningful disclosures that were
revealed because someone would not listen or ignored the warnings
of their security vulnerability.

I mean, this is nothing like a program goof that allows clear-text
Passwords or exposes files or the like. This exploit (if it can be
called that) took a lot of thought to create it and exploit it.

Correct me if I'm wrong but it does not fall in to the category
of "exploit" as defined by this list. This was truly a "created Exploit" 
that would not be their otherwise. This took intelligent input.

This is nothing more then a black-hat attack. It is not a meaningful
revealing of poor security as I've seen defined on this list.

<|>--__--__--
<|>
<|>Message: 13
<|>From: "i.t " <fulldis@...7.dyndns.org>
<|>Organization: i.t consulting
<|>To: full-disclosure@...ts.netsys.com
<|>Date: Sun, 26 Sep 2004 11:57:33 +0200
<|>Subject: [Full-Disclosure] Re: MS04-028 Jpeg EXPLOIT - msn
<|>
<|>
<|>> On Saturday 25 September 2004 16:59, raza wrote:
<|>> > I just compiled this and it works well..
<|>> >
<|> ...
<|>> yes and it works very well.
<|>> > I can see this ones gaana be fun...
<|>> We'll have a worm within days.

<|>
<|>for nearly all of my clients using win xp I've deinstalled 
<|>win messenger.
<|>one urgently wanted it back for communicating in real-time; 
<|>and, of course, 
<|>it's much more fun seeing a live picture of the 
<|>counterpart(s) in the chat 
<|>window...
<|>
<|>even having installed sp2 and the newest patches plus AV I 
<|>can imagine a virus 
<|>spreading within those pictures throughout the whole msn and so on...
<|>any other defense?
<|>or ist this too much paranoia?
<|>
<|>i.t
<|>
<|>
<|>--__--__--


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ