lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <122827b90601131510t10756f02jea6546c52cf6257c@mail.gmail.com>
Date: Fri Jan 13 23:10:51 2006
From: stan.bubrouski at gmail.com (Stan Bubrouski)
Subject: Steve Gibson smokes crack?

Back to the original subject:
[Full-disclosure] Steve Gibson smokes crack?

Does anyone know if Steve Gibson does indeed smoke crack?  If Marion
Barry does, why can't he?  These questions need answers!  Or not,
happy friday, drink up.

-sb

On 1/13/06, eric williams <nfobro@...il.com> wrote:
> On 13 Jan 2006 14:31:06 -0800, Randal L. Schwartz <merlyn@...nehenge.com> wrote:
> > >>>>> "Morning" == Morning Wood <se_cur_ity@...mail.com> writes:
> >
> > Morning> http://aolradio.podcast.aol.com/sn/SN-022.mp3
> > Morning> claiming SetAbortProc() was a purpose placed backdoor...
> >
> > I've heard that WINE suffers from the same exploit.  How could
> > it be a microsoft "conspiracy" if WINE (implemented from API docs)
> > does the same thing?
> >
> Randal,
>
> Thanks.  That's is precisely the point I have been trying to make,
> however, the question is I gather flowing from the Gibson commentary,
> how or what exactly causes WINE to execute the code pointed at by the
> SetAbortProc record?  Is it the "incorrect record length" is it some
> other munged input, is it "by design" which has also been alluded to,
> and seems to be your reference here.
>
> IOW, does any know the circumstances, in all cases, where the bug is
> triggered or is there only speculation based upon exploit code
> "working" against a given vulnerable implementation of the API?
>
> I know I am speculating, but is there or has there been a canonical
> analysis done by anyone?
>
> -e
> > --
> > Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
> > <merlyn@...nehenge.com> <URL:http://www.stonehenge.com/merlyn/>
> > Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
> > See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ