lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <e91363810712111228x724637ddjb19257fb243090f5@mail.gmail.com>
Date: Tue, 11 Dec 2007 12:28:29 -0800
From: "Porco Graxa" <porco.graxa@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Google / GMail bug, all accounts vulnerable

GPS 0-day Advisory: obvious Clown Town Faggotry

Kristian Hermafoditas, you have once agained summoned the beasts
security group Fatty Pig Seguranca with this lame Gmail not security
of issue. An obvious issue without real merit. Moreover, not
discovered by you. Ask the google for "Gmail logout CSRF" or "Google
logout csrf" and approximately 9 billion query results come
immediately.

http://www.0x000000.com/index.php?i=382
http://www.gnucitizen.org/blog/persistent-csrf-and-the-hotlink-hell/

Unfortunately, you fail basic unethical test and tell GPS to wait for
paper to introduce such a simple consultation. We will not wait for
stupid paper. Your paper is not worth the ink your greasy bearded
hands type the paper with. The Internet has to bring the truth, we are
guessing not friends.

Your "exploits" make GPS laugh and roll in much beef
(http://www.milw0rm.com/author/588)

"Ubuntu Breezy 5.10 Installer Password Disclosure Vulnerability"
http://www.milw0rm.com/exploits/1579
It is a front for "cat". How you write this and still cuddle with your sister?

"Ubuntu / Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit"
http://www.milw0rm.com/exploits/3384
Maybe this one is real I do not run silly fancy graphics OS to try it out.

"Gimp 2.2.14 RAS vuln"
http://www.milw0rm.com/exploits/3888
That DownExec shellcode look nice. It was useful when you grabbed it
from Metasploit? Perhaps you should give the president credit before
telling security world you create the good shellcode.  (Through much
use of diff, GPS has discovered these security codes are Metasploit
Windows Reverse Run with no Encoder)

"MS Windows Vista forged package ARP Network Stack DoS Exploit"
http://www.milw0rm.com/exploits/3926
Symantec (who discovered the vulnerability), explains: "These are two
sub-demand access to the network, are not new and have limited
solutions available." I had to read much of your spooge ASCII art and
crap argument analyze code to discover that you were not doing
anything. Think band is free?

"MySQL <= 5.0.45 (Change) Vulnerability denial of service"
http://www.milw0rm.com/exploits/4615
You need ALTER permissions. It is most surprising that alter
permissions on database lead to much delay.

Kristian 'I have no special talent I am just bi-curious' Hermafoditas,
not write such de encontro a engraçado the time of the research Comunidade.

porco graxa
Gordos Pig Seguranca

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ