Message-ID: <1126199397.13114.20.camel@gremlin.unx.brg>
Date: Thu Sep  8 18:10:14 2005
From: brudy at bruderer-research.com (Peter Bruderer)
Subject: Secuirty Hole Found In Dave's Sock

This hole must be a general misconception of the product. After checking
my socks I found a hole in all of them! They are all size 9 1/2.

My questions:

Has somebody already detected a working exploit for this hole in the
wild?

Can this hole be exploited if the socks are lying on a shelf in a
cabinet?

Can somebody exploit the hole on the street, while I'm wearing the
socks?

On Thu, 2005-09-08 at 12:50 -0400, Dave Cawley wrote:
> 	The sock came with the factory installed configuration.
> This hole is not part of that configuration and there is no
> mechanism in the original configuration to close this one off.
> 
> ***************************************************************
> Dave D. Cawley           |
> High Speed Internet      |    The number of Unix installations
> Duryea, PA               | has grown to 10, with more expected.
> (570)451-4311 x104       |  - The Unix Programmer's Manual,1972
> dave.cawley@...lphia.com |
> ***************************************************************
>                   URL => http://www.adelphia.net 
> 
> -----Original Message-----
> From: Craig, Tobin (OIG) [mailto:tobin.craig@...gov] 
> Sent: Thursday, September 08, 2005 12:46 PM
> To: Dave Cawley; full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Secuirty Hole Found In Dave's Sock
> 
> 
> It seems that the proprietary and the open source manufacturers agreed
> upon a standardized default configuration: all models are designed with
> one hole, used for deployment. Are you reporting the existence of a
> second hole, or is this an observation of the factory installed default
> configuration?
> 
> My recommendation is to isolate the sock until a full forensic
> examination can be performed.
> 
> Just another thought,
> 
> Tobin
> 
> 
> 
> 
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> <full-disclosure-bounces@...ts.grok.org.uk>
> To: full-disclosure@...ts.grok.org.uk
> <full-disclosure@...ts.grok.org.uk>
> Sent: Thu Sep 08 12:10:28 2005
> Subject: [Full-disclosure] Secuirty Hole Found In Dave's Sock
> 
> Date:		9/8/2005
> 
> Vulnerability Found:   	Hole In Dave's Socket
> 
> Affected System:		Dave's Right Sock
> 
> Severity:			Rating: Moderately Critical
> 				Impact: System access
> 				Where:  Foot
> 
> Description of Vulnerability:  This morning while putting my socks on I
> found a small (1/4 inch) hole by my big toe. This could be exploited by
> a virus through the bottom of the foot or under the toe nail. This could
> be used to compromise Dave's entire system.
> 
> Solution: No permanent solution is currently available. A work around is
> to wear the sock on the other foot to have the hole above the small toe
> where it will not be further enlarged, it will probably fold over and
> partially cover the vulnerability. Permanent solution coming in either a
> sock darning or upgrading the unit to a new sock.
> 
> Time Table:		Found at 7:48am on Sept 8th, 1005
> 			Work around figured out at 7:49am on Sept 8th,
> 2005
> 			Permanent Solution Pending
> 
> Credits:		Found by Dave
> 
> References:		No references available.
> 
> 
> ***************************************************************
> Dave D. Cawley           |
> High Speed Internet      |    The number of Unix installations
> Duryea, PA               | has grown to 10, with more expected.
> (570)451-4311 x104       |  - The Unix Programmer's Manual,1972
> dave.cawley@...lphia.com |
> ***************************************************************
>                   URL => http://www.adelphia.net 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
