| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 03 Mar 2009 17:56:22 -0500 From: bobby.mugabe@...hmail.com To: full-disclosure@...ts.grok.org.uk, jstarks440@...il.com Subject: Re: Apple Safari ... DoS Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Where? - -bm On Tue, 03 Mar 2009 17:54:51 -0500 Jason Starks <jstarks440@...il.com> wrote: >Mr. Mustache, > >There is a missing "s" on the end of my last name. > >Yours truly, > >Jason "Bench Press" Starks > >On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Mr. Stark, >> >> Adhering to the tradition of my fathers, I do not sport any >facial >> hair and take offense to your comment, and since you're >obviously >> lacking basic observational skills I highly doubt you're even as >> talented as my Cadburys, at anything. >> >> - -bm >> >> On Tue, 03 Mar 2009 11:11:35 -0500 Jason Starks >> <jstarks440@...il.com> wrote: >> >Mr. Mustache, it is obvious that I have more talent than a box >of >> >chocolates, and that you envy the sadistic nature of your >fellow >> >trolls on >> >this list. Point blank. >> > >> >On Tue, Mar 3, 2009 at 6:18 AM, <bobby.mugabe@...hmail.com> >wrote: >> > >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Hash: SHA1 >> >> >> >> Dear Valdis, >> >> >> >> I have been able to reproduce a similar situation using >Firefox >> >> under MacOSX, using different websites and a significantly >> >larger >> >> number of tabs. Do you think these issues might be related >or >> >are >> >> they operating system specific? What model of CPU were you >> >testing >> >> this issue under? >> >> >> >> Thanks, >> >> - -bm >> >> >> >> On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache >> >> <security.mustache@...il.com> wrote: >> >> >I would like to point out that I have been able to create a >> >"hung" >> >> >state in the Firefox browser by opening 30 simultaneous tabs >> >> >pointed >> >> >at http://www.welcometointernet.org/lawnmower/ and adding a >> >31st >> >> >tab >> >> >viewing http://www.hotrussianbrides.com. >> >> > >> >> >Also, I am not amused. >> >> > >> >> > >> >> >Your humble servant, >> >> >Ze Mustache von Kletnieks >> >> > >> >> >On Mon, Mar 2, 2009 at 10:29 PM, ><bobby.mugabe@...hmail.com> >> >> >wrote: >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> Hash: SHA1 >> >> >> >> >> >> Dear Nick, >> >> >> >> >> >> You and Thierry Loller are wrong. >> >> >> >> >> >> - -bm >> >> >> >> >> >> On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald >> ><nick@...us- >> >> >> l.demon.co.uk> wrote: >> >> >>>Chris Evans to Thierry Zoller: >> >> >>> >> >> >>>> > Example >> >> >>>> > If a chrome tab can be crashed arbritarely (remotely) >it >> >is >> >> >a >> >> >>>DoS attack >> >> >>>> > but with ridiculy low impact to the end-user as it >only >> >> >>>crashes the tab >> >> >>>> > it was subjected to, and not the whole browser or >> >operation >> >> >>>system. >> >> >>>> > But the fact remains that this was the impact of a DoS >> >> >>>condition, >> >> >>>> > the tab crashes arbritarily. >> >> >>>> >> >> >>>> Eh? If you visit www.evil.com and your tab crashes, >that's >> >no >> >> >>>> different from www.evil.com closing its own tab with >> >> >Javascript. >> >> >>> >> >> >>>But what if www.evil.com has run an injection attack of >some >> >> >kind >> >> >>>(SQL, >> >> >>>XSS in blog comments, etc, etc) against www.stupid.com? >> >> >>> >> >> >>>Visitors to stupid.com then suffer a DoS... >> >> >>> >> >> >>>Yes, stupid.com should run their site better, fix their >> >myriad >> >> >XSS >> >> >>>holes, >> >> >>>etc, etc. >> >> >>> >> >> >>>But this is the Internet, so this "software flaw" can be >> >> >leveraged >> >> >>>as >> >> >>>security vulnerability. >> >> >>> >> >> >>>I'm with Thierry on this... >> >> >>> >> >> >>> >> >> >>>Regards, >> >> >>> >> >> >>>Nick FitzGerald >> >> >>> >> >> >>> >> >> >>>_______________________________________________ >> >> >>>Full-Disclosure - We believe in it. >> >> >>>Charter: http://lists.grok.org.uk/full-disclosure- >> >charter.html >> >> >>>Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> -----BEGIN PGP SIGNATURE----- >> >> >> Charset: UTF8 >> >> >> Version: Hush 3.0 >> >> >> Note: This signature can be verified at >> >> >https://www.hushtools.com/verify >> >> >> >> >> >> >> >> >> >>>wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qvh >8 >> >+ >> >> >0 >> >> >> >> >> >> >>>b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53fx >X >> >F >> >> >m >> >> >> >> >> >> >>>7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5e >A >> >h >> >> >p >> >> >> UpXIZ1s= >> >> >> =zgqd >> >> >> -----END PGP SIGNATURE----- >> >> >> >> >> >> -- >> >> >> Become a medical transcriptionist at home, at your own >pace. >> >> >> >> >> >> >>>http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWafc >7 >> >c >> >> >DXj4iASDyccuLtQA2i9f1le/ >> >> >> >> >> >> _______________________________________________ >> >> >> Full-Disclosure - We believe in it. >> >> >> Charter: http://lists.grok.org.uk/full-disclosure- >> >charter.html >> >> >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> >> >> > >> >> >_______________________________________________ >> >> >Full-Disclosure - We believe in it. >> >> >Charter: http://lists.grok.org.uk/full-disclosure- >charter.html >> >> >Hosted and sponsored by Secunia - http://secunia.com/ >> >> -----BEGIN PGP SIGNATURE----- >> >> Charset: UTF8 >> >> Version: Hush 3.0 >> >> Note: This signature can be verified at >> >https://www.hushtools.com/verify >> >> >> >> >> >>wpwEAQMCAAYFAkmtEaMACgkQhNp8gzZx3shZFwQAjiE2W/WUkNHrLIu1lBRz6oeDVr >k >> >n >> >> >> >>TmV8TCcaDpsvkRmhNrKFXYObPEatdJ0po7Iul333mllga8+elMukkH15J7BwUZdGlN >A >> >5 >> >> >> >>wpE6zNx8ks6L9qS9UxklE8BErdTfUY/OF5FK4aZ92JcngL1xFTkZlDJS0lvIKGry3v >j >> >u >> >> P7xAvvQ= >> >> =avqi >> >> -----END PGP SIGNATURE----- >> >> >> >> -- >> >> Click to find great rates on health insurance, save big, shop >> >here. >> >> >> >> >> >>http://tagline.hushmail.com/fc/BLSrjkqeRcNd9NCXSJiZxV7gq821SXvgq2G >W >> >ai39WLJo4QlOxYCnjxaqn9u/ >> >> >> >> _______________________________________________ >> >> Full-Disclosure - We believe in it. >> >> Charter: http://lists.grok.org.uk/full-disclosure- >charter.html >> >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> -----BEGIN PGP SIGNATURE----- >> Charset: UTF8 >> Version: Hush 3.0 >> Note: This signature can be verified at >https://www.hushtools.com/verify >> >> >wpwEAQMCAAYFAkmtsnoACgkQhNp8gzZx3sgiJwQAnL87haXBbGW80ORA4Ufa7Leh0JS >g >> >XyPSdH32tRZUA+dJaRhoaWJt6HqaKAEltZgsqkrwsA6pTgIIx/IKYdRATBqsrdaBwrF >M >> >kKhLez2kSeOcODLg1OOpGZ4EwQgZws/Qh1sMQOYjCpBF1W2/q+wvwV8Y8xn4V2MdK4C >L >> XTUWWLI= >> =FOnb >> -----END PGP SIGNATURE----- >> >> -- >> Become a medical transcriptionist at home, at your own pace. >> >> >http://tagline.hushmail.com/fc/BLSrjkqfMmd367qFNEy5ii9ij3bU6df9tEPV >YBzpFXa7E7s6QHH4MsdQbb6/ >> >> -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAkmttPMACgkQhNp8gzZx3sjzEwP+LKS6V4qJiWSZckzKh/oS5VSCWKZ6 1bV6uhWvfZKflCc19WDP0qvX/39nXQnciHu77C5t2rc1Sz8puZ4uqW9jvc1vSLB6Ixhk f9kJc/Xqy3jz2QgQn7ljkTlfLhiylI1Y4DSnl/VH7gQfMFLCzFaPY7MkX596quYacZu3 eJKIjEU= =MEss -----END PGP SIGNATURE----- -- Click to find moving companies, movers, van lines, and auto transport services. Low prices. http://tagline.hushmail.com/fc/BLSrjkqhfqqZm9wDnmxCJFubdjlhBfmHURKGrvN6Q0FfT4PdKQnqKf1mLIk/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists