lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <D52FCFAE57472647956CBAEDC08DA5533CA595@av-mail01.corp.int-eeye.com>
Date: Thu Aug 25 18:08:19 2005
From: aprotas at eeye.com (Andre Protas)
Subject: talk.google.com

One interesting point is how beta this software really is.  Load it up
into ida and you can see references to their .cpp src as well as their
'cricket' directories.  Looks like there's quite a bit more
functionality built in that is just disabled right now, would be kind of
a fun little chore to patch it up and make it more functional (if the
google jabber server is even configured to forward those different types
of traffic).

Also, they are doing some client-side bounds checking on their message
sizes.  But, if you connect to talk.google.com from a different client
(gaim for instance), you can send quite a bit larger of a buffer.  Hehe,
but then gaim was also cutting me off too the larger I went (more of a
gtk issue than anything).  I loaded up a python jabber client but got
blocked by the new google token everyone was talking about.

Only worth so much time to play around with now that it's just in
beta...but nonetheless, this thread should be about technical
'disclosures', and the political and conspiracy theories abound.

 
Signed,

Andre Derek Protas
Security Researcher
eEye Digital Security
aprotas eeye com


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of My Name
Sent: Thursday, August 25, 2005 6:29 AM
To: Paul Melson
Cc: adityad2005@...rs.sourceforge.net; Full Disclosure
Subject: Re: [Full-disclosure] talk.google.com

Someone kill this thread!  I haven't seen anything disclosed in even
~1~ of these emails.

On 8/25/05, Paul Melson <pmelson@...il.com> wrote:
> -----Original Message-----
> Subject: RE: [Full-disclosure] talk.google.com
> 
> > Why do you have to use gmail when it is very easy to setup a mail
server
> On your own
> > personal computer and also setup a jabber server if required
> >
> > Its your choice what you want to use....
> 
> 
> Well, I have a lot of old server hardware in my basement, but it's
still
> nowhere close to the thousands of servers Google has in various data
centers
> all over the US.  They've also got more bandwidth than I do.  And -
nothing
> personal - I'd rather use the bandwidth I actually pay for for
important
> things like college radio (http://www.impact89fm.org/) or Headkicker
II
> (http://www.adultswim.com/games/brak_headkicker/index.html) instead of
> distractions like full-disclosure mailing list traffic.
> 
> PaulM
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ