Message-ID: <6158bb410805120741h4b427d6bue54988cbe062c16b@mail.gmail.com>
Date: Mon, 12 May 2008 10:41:06 -0400
From: Ureleet <ureleet@...il.com>
To: "Dr. J Swift" <fdiscsplat@...il.com>
Cc: n3td3v <n3td3v@...glegroups.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: First case of Cyber Rolling?

plus i thought you were unsubscribing?

On Sun, May 11, 2008 at 5:28 PM, Dr. J Swift <fdiscsplat@...il.com> wrote:
> On Sat, May 10, 2008 at 11:03 PM, n3td3v <xploitable@...il.com> wrote:
>  > Scaring people with fullScreen
>  >
>  >     * Posted by bunnyhero
>  >     * 2008 May 10
>  >
>  >  When Flash Player 9 goes into full screen mode, it pops up a little
>  >  security message that tells the user how to exit full screen mode. It
>  >  appears as white text on a semi-transparent black background so it is
>  >  generally always visible (which is good). Still, I wondered if it
>  >  could be obscured.
>  >
>  >  The message is always on top, so it is impossible to draw over it. But
>  >  what if we tried distracting the user from the actual security
>  >  message?
>  >
>  >  Here's a silly test:
>  >
>  >  Of course, you can press Esc (or alt+tab to another window) to escape.
>  >
>  >  UPDATE: I have made the source code available, warts and all, under a
>  >  ZLib licence. Share and enjoy :)
>  >
>  >  http://www.bunnyhero.org/2008/05/10/scaring-people-with-fullscreen/
>  >
>
>  Mr. Wallace,
>
>  Are you bunnyhero?
>
>  Why would you publish this exploit?
>
>  Did you contact the affected vendors prior to your publishing this?
>
>
>
>  _______________________________________________
>  Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
>
