[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a28ffe560610031612l4a8b915sd4de2678cabe9e6c@mail.gmail.com>
Date: Tue, 3 Oct 2006 16:12:33 -0700
From: "Pink Hat" <pinkhat.h4x0r@...il.com>
To: "Dude VanWinkle" <dudevanwinkle@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Firefox Vulnerabilities FAKED
Site your source silly man.
http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon
<-- was posted last night.
The news and window both misrepresented this after the con.
On 10/3/06, Dude VanWinkle <dudevanwinkle@...il.com> wrote:
> if s00per.pink.h@xor is actually Mischa Spiegelmock i'll eat my two
> week old tighty whities on youtoube.com
>
> and about the claim that it is a fake:
>
> The JavaScript issue appears to be a real vulnerability, Window Snyder,
> Mozilla's security chief, said after watching a video of the
> presentation Saturday night. "What they are describing might be a
> variation on an old attack," she said. "We're going to do some
> investigating."
>
> i trust a girl named window more than a guy named pink
>
> -JP
>
> On 10/3/06, c0redump@...ers.org.uk <c0redump@...ers.org.uk> wrote:
> > Media whores.
> >
> > ----- Original Message -----
> > From: Pink Hat
> > To: full-disclosure@...ts.grok.org.uk
> > Sent: Tuesday, October 03, 2006 9:12 PM
> > Subject: [Full-disclosure] Firefox Vulnerabilities FAKED
> >
> >
> > Nice to see that a group of idiots can turn a conference into a joke
> > just as easily as they can a mailing list. Was there any technical
> > verification from the Toorcon guys before they accepted these asshats
> > talk?
> >
> >
> > http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon
> >
> >
> > The main purpose of our talk was to be humorous.
> >
> >
> >
> > As part of our talk we mentioned that there was a previously known
> > Firefox vulnerability that could result in a stack overflow ending up
> > in remote code execution. However, the code we presented did not in
> > fact do this, and I personally have not gotten it to result in code
> > execution, nor do I know of anyone who has.
> >
> >
> >
> > I have not succeeded in making this code do anything more than cause a
> > crash and eat up system resources, and I certainly haven't used it to
> > take over anyone else's computer and execute arbitrary code.
> >
> >
> >
> > I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever
> > make this claim. I have no undisclosed Firefox vulnerabilities. The
> > person who was speaking with me made this claim, and I honestly have
> > no idea if he has them or not.
> >
> > I apologize to everyone involved, and I hope I have made everything as
> > clear as possible.
> >
> > Sincerely,
> >
> > Mischa Spiegelmock
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists