lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: eflorio at edmaster.it (Elia Florio)
Subject: Is www.sco.com hacked?

There are these two JPG files on www.sco.com :

(the good one)
http://www.sco.com/images/landing_pages_new/webinar_land2.jpg

(the supposed hacked one)
http://www.sco.com/images/landing_pages_new/webinar_land2-1.jpg

These are the JFIF headers of the images:

(the good one)
0100  FF D8 FF E0 00 10 4A 46-49 46 00 01 02 01 00 48   ......JFIF.....H
0110  00 48 00 00 FF E1 0C 22-45 78 69 66 00 00 4D 4D   .H....."Exif..MM
0120  00 2A 00 00 00 08 00 07-01 12 00 03 00 00 00 01   .*..............
0130  00 01 00 00 01 1A 00 05-00 00 00 01 00 00 00 62   ...............b
0140  01 1B 00 05 00 00 00 01-00 00 00 6A 01 28 00 03   ...........j.(..
0150  00 00 00 01 00 02 00 00-01 31 00 02 00 00 00 14   .........1......

(the supposed hacked one)
0100  FF D8 FF E0 00 10 4A 46-49 46 00 01 02 00 00 64   ......JFIF.....d
0110  00 64 00 00 FF EC 00 11-44 75 63 6B 79 00 01 00   .d......Ducky...
0120  04 00 00 00 3C 00 00 FF-EE 00 0E 41 64 6F 62 65   ....<......Adobe
0130  00 64 C0 00 00 00 01 FF-DB 00 84 00 06 04 04 04   .d..............
0140  05 04 06 05 05 06 09 06-05 06 09 0B 08 06 06 08   ................
0150  0B 0C 0A 0A 0B 0A 0A 0C-10 0C 0C 0C 0C 0C 0C 10   ................

....mmmm I remember the "Ducky Adobe" strings in the
crafted JPEGs of GDI+ bugs.....maybe just a coincidence?

EF

________________________________________________
Messaggio inviato da
Edizioni Master Webmail
http://mbox.edmaster.it


Powered by blists - more mailing lists