lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <addc34c605090812522f16c269@mail.gmail.com>
Date: Thu Sep  8 20:52:19 2005
From: nocmonkey at gmail.com (Danny)
Subject: Secuirty Hole Found In Dave's Sock

On 9/8/05, Dave Cawley <dave.cawley@...lphia.com> wrote:
> Date:           9/8/2005
> 
> Vulnerability Found:    Hole In Dave's Socket
> 
> Affected System:                Dave's Right Sock
> 
> Severity:                       Rating: Moderately Critical
>                                Impact: System access
>                                Where:  Foot
> 
> Description of Vulnerability:  This morning while putting my socks
> on I found a small (1/4 inch) hole by my big toe. This could be
> exploited by a virus through the bottom of the foot or under the
> toe nail. This could be used to compromise Dave's entire system.
> 
> Solution: No permanent solution is currently available. A work
> around is to wear the sock on the other foot to have the hole
> above the small toe where it will not be furthur enlarged, it
> will proboably fold over and partially cover the vulnerability.
> Permanent solution coming in either a sock darning or upgrading
> the unit to a new sock.
> 
> Time Table:             Found at 7:48am on Sept 8th, 1005
>                        Work around figured out at 7:49am on Sept 8th,
> 2005
>                        Permanent Solution Pending
> 
> Credits:                Found by Dave
> 
> References:             No references available.

This is NOT proper disclosure, Dave.  You must contact the vendor
first.  My cousins, uncles, nephews sister works for Fruit of the
Loom; I will attempt to locate a security contact there.

I just spoke with my girlfriend, and she has also confirmed that she
has holes -- although there is only one way that I am aware of to fill
her holes.

Until the hole is patched, do not put your sock on your cock.  This
could result in a buffer overflow.

...D

-- 
CPDE - Certified Petroleum Distribution Engineer
CCBC - Certified Canadian Beer Consumer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ