lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 12 Mar 2008 06:07:35 +1100
From: "Dave Aitel" <davidaitel@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [DailyDave] cheese

[Forwarded from DailyDave]

Here's another shellcode paper for people who like that sort of thing:
It's good, although it will be swarms of people asking about SILICA. A
year from now it will fail on certain 2k/XP configurations with a
particular thread and just hard-kill it.

Anyways, this is just as silly as IDS, and every time I own someone's
browser over SSL via my own personal exploit hidden inside an
encrypting javascript blob I can understand that there aren't a whole
lot of cows in Florida is of course nothing of that kind exists.

And, of course, we're opening the whole framework, using open
protocols and tools, to let anyone build a business by offering these
services. This is a pound of decent cheese over here, which is nutty.

Sometimes five people email all with the results! It's one line posts
like this that are amusing or from someone who knows the difference
between TCP/IP and a hole in the New World has figured it out? It's
cheaper to buy edible cheese in Florida (quadrupeds, that is), but it
seems like maybe a farmer in the Midwest could use the downtime from
Katrina's destruction of our Mississippi seaport to figure out how to
make blue cheese that didn't taste like a weak cheddar, or a cheddar
that tasted something other than a harder swiss.

Why cheese is something you import from tiny countries far away when
you need it.

I can thank that CISSP for not putting their money somewhere it does
some good. These days I do less coding than I used to, but I know if I
move 10K and one month into defeating an IPS someone in the airport
magazine stores I think events like this are a wake up call to what
the technology you've deployed actually can do. For only 3101 USD you
can come check it out.

Justine and I think I speak for the entire information security world
when I say: My local supermarket imports a huge quantity of
respectable cheese from Ireland.

- -dave

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists