lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 03 Mar 2009 18:19:43 -0500
From: bobby.mugabe@...hmail.com
To: full-disclosure@...ts.grok.org.uk, jstarks440@...il.com
Subject: Re: Apple Safari ... DoS Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Huh?

- -bm

On Tue, 03 Mar 2009 18:01:05 -0500 Jason Starks
<jstarks440@...il.com> wrote:
>Right..
>
>>On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com>
>wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Mr. Stark,
>
>There.
>
>On Tue, Mar 3, 2009 at 5:56 PM, <bobby.mugabe@...hmail.com> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Where?
>>
>> - -bm
>>
>> On Tue, 03 Mar 2009 17:54:51 -0500 Jason Starks
>> <jstarks440@...il.com> wrote:
>> >Mr. Mustache,
>> >
>> >There is a missing "s" on the end of my last name.
>> >
>> >Yours truly,
>> >
>> >Jason "Bench Press" Starks
>> >
>> >On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com>
>wrote:
>> >
>> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> Hash: SHA1
>> >>
>> >> Mr. Stark,
>> >>
>> >> Adhering to the tradition of my fathers, I do not sport any
>> >facial
>> >> hair and take offense to your comment, and since you're
>> >obviously
>> >> lacking basic observational skills I highly doubt you're even
>as
>> >> talented as my Cadburys, at anything.
>> >>
>> >> - -bm
>> >>
>> >> On Tue, 03 Mar 2009 11:11:35 -0500 Jason Starks
>> >> <jstarks440@...il.com> wrote:
>> >> >Mr. Mustache, it is obvious that I have more talent than a
>box
>> >of
>> >> >chocolates, and that you envy the sadistic nature of your
>> >fellow
>> >> >trolls on
>> >> >this list. Point blank.
>> >> >
>> >> >On Tue, Mar 3, 2009 at 6:18 AM, <bobby.mugabe@...hmail.com>
>> >wrote:
>> >> >
>> >> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> >> Hash: SHA1
>> >> >>
>> >> >> Dear Valdis,
>> >> >>
>> >> >> I have been able to reproduce a similar situation using
>> >Firefox
>> >> >> under MacOSX, using different websites and a significantly
>> >> >larger
>> >> >> number of tabs.  Do you think these issues might be
>related
>> >or
>> >> >are
>> >> >> they operating system specific?  What model of CPU were
>you
>> >> >testing
>> >> >> this issue under?
>> >> >>
>> >> >> Thanks,
>> >> >> - -bm
>> >> >>
>> >> >> On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache
>> >> >> <security.mustache@...il.com> wrote:
>> >> >> >I would like to point out that I have been able to create
>a
>> >> >"hung"
>> >> >> >state in the Firefox browser by opening 30 simultaneous
>tabs
>> >> >> >pointed
>> >> >> >at http://www.welcometointernet.org/lawnmower/ and adding
>a
>> >> >31st
>> >> >> >tab
>> >> >> >viewing http://www.hotrussianbrides.com.
>> >> >> >
>> >> >> >Also, I am not amused.
>> >> >> >
>> >> >> >
>> >> >> >Your humble servant,
>> >> >> >Ze Mustache von Kletnieks
>> >> >> >
>> >> >> >On Mon, Mar 2, 2009 at 10:29 PM,
>> ><bobby.mugabe@...hmail.com>
>> >> >> >wrote:
>> >> >> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> >> >> Hash: SHA1
>> >> >> >>
>> >> >> >> Dear Nick,
>> >> >> >>
>> >> >> >> You and Thierry Loller are wrong.
>> >> >> >>
>> >> >> >> - -bm
>> >> >> >>
>> >> >> >> On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald
>> >> ><nick@...us-
>> >> >> >> l.demon.co.uk> wrote:
>> >> >> >>>Chris Evans to Thierry Zoller:
>> >> >> >>>
>> >> >> >>>> > Example
>> >> >> >>>> > If a chrome tab can be crashed arbritarely
>(remotely)
>> >it
>> >> >is
>> >> >> >a
>> >> >> >>>DoS attack
>> >> >> >>>> > but with ridiculy low impact to the end-user as it
>> >only
>> >> >> >>>crashes the tab
>> >> >> >>>> > it was subjected to, and not the whole browser or
>> >> >operation
>> >> >> >>>system.
>> >> >> >>>> > But the fact remains that this was the impact of a
>DoS
>> >> >> >>>condition,
>> >> >> >>>> > the tab crashes arbritarily.
>> >> >> >>>>
>> >> >> >>>> Eh? If you visit www.evil.com and your tab crashes,
>> >that's
>> >> >no
>> >> >> >>>> different from www.evil.com closing its own tab with
>> >> >> >Javascript.
>> >> >> >>>
>> >> >> >>>But what if www.evil.com has run an injection attack of
>> >some
>> >> >> >kind
>> >> >> >>>(SQL,
>> >> >> >>>XSS in blog comments, etc, etc) against www.stupid.com?
>> >> >> >>>
>> >> >> >>>Visitors to stupid.com then suffer a DoS...
>> >> >> >>>
>> >> >> >>>Yes, stupid.com should run their site better, fix their
>> >> >myriad
>> >> >> >XSS
>> >> >> >>>holes,
>> >> >> >>>etc, etc.
>> >> >> >>>
>> >> >> >>>But this is the Internet, so this "software flaw" can
>be
>> >> >> >leveraged
>> >> >> >>>as
>> >> >> >>>security vulnerability.
>> >> >> >>>
>> >> >> >>>I'm with Thierry on this...
>> >> >> >>>
>> >> >> >>>
>> >> >> >>>Regards,
>> >> >> >>>
>> >> >> >>>Nick FitzGerald
>> >> >> >>>
>> >> >> >>>
>> >> >> >>>_______________________________________________
>> >> >> >>>Full-Disclosure - We believe in it.
>> >> >> >>>Charter: http://lists.grok.org.uk/full-disclosure-
>> >> >charter.html
>> >> >> >>>Hosted and sponsored by Secunia - http://secunia.com/
>> >> >> >> -----BEGIN PGP SIGNATURE-----
>> >> >> >> Charset: UTF8
>> >> >> >> Version: Hush 3.0
>> >> >> >> Note: This signature can be verified at
>> >> >> >https://www.hushtools.com/verify
>> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>>
>>>>wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qv
>h
>> >8
>> >> >+
>> >> >> >0
>> >> >> >>
>> >> >>
>> >>
>>
>>>>b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53f
>x
>> >X
>> >> >F
>> >> >> >m
>> >> >> >>
>> >> >>
>> >>
>>
>>>>7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5
>e
>> >A
>> >> >h
>> >> >> >p
>> >> >> >> UpXIZ1s=
>> >> >> >> =zgqd
>> >> >> >> -----END PGP SIGNATURE-----
>> >> >> >>
>> >> >> >> --
>> >> >> >> Become a medical transcriptionist at home, at your own
>> >pace.
>> >> >> >>
>> >> >>
>> >>
>>
>>>>http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWaf
>c
>> >7
>> >> >c
>> >> >> >DXj4iASDyccuLtQA2i9f1le/
>> >> >> >>
>> >> >> >> _______________________________________________
>> >> >> >> Full-Disclosure - We believe in it.
>> >> >> >> Charter: http://lists.grok.org.uk/full-disclosure-
>> >> >charter.html
>> >> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>> >> >> >>
>> >> >> >
>> >> >> >_______________________________________________
>> >> >> >Full-Disclosure - We believe in it.
>> >> >> >Charter: http://lists.grok.org.uk/full-disclosure-
>> >charter.html
>> >> >> >Hosted and sponsored by Secunia - http://secunia.com/
>> >> >> -----BEGIN PGP SIGNATURE-----
>> >> >> Charset: UTF8
>> >> >> Version: Hush 3.0
>> >> >> Note: This signature can be verified at
>> >> >https://www.hushtools.com/verify
>> >> >>
>> >> >>
>> >>
>>
>>>wpwEAQMCAAYFAkmtEaMACgkQhNp8gzZx3shZFwQAjiE2W/WUkNHrLIu1lBRz6oeDV
>r
>> >k
>> >> >n
>> >> >>
>> >>
>>
>>>TmV8TCcaDpsvkRmhNrKFXYObPEatdJ0po7Iul333mllga8+elMukkH15J7BwUZdGl
>N
>> >A
>> >> >5
>> >> >>
>> >>
>>
>>>wpE6zNx8ks6L9qS9UxklE8BErdTfUY/OF5FK4aZ92JcngL1xFTkZlDJS0lvIKGry3
>v
>> >j
>> >> >u
>> >> >> P7xAvvQ=
>> >> >> =avqi
>> >> >> -----END PGP SIGNATURE-----
>> >> >>
>> >> >> --
>> >> >> Click to find great rates on health insurance, save big,
>shop
>> >> >here.
>> >> >>
>> >> >>
>> >>
>>
>>>http://tagline.hushmail.com/fc/BLSrjkqeRcNd9NCXSJiZxV7gq821SXvgq2
>G
>> >W
>> >> >ai39WLJo4QlOxYCnjxaqn9u/
>> >> >>
>> >> >> _______________________________________________
>> >> >> Full-Disclosure - We believe in it.
>> >> >> Charter: http://lists.grok.org.uk/full-disclosure-
>> >charter.html
>> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>> >> >>
>> >> -----BEGIN PGP SIGNATURE-----
>> >> Charset: UTF8
>> >> Version: Hush 3.0
>> >> Note: This signature can be verified at
>> >https://www.hushtools.com/verify
>> >>
>> >>
>>
>>wpwEAQMCAAYFAkmtsnoACgkQhNp8gzZx3sgiJwQAnL87haXBbGW80ORA4Ufa7Leh0J
>S
>> >g
>> >>
>>
>>XyPSdH32tRZUA+dJaRhoaWJt6HqaKAEltZgsqkrwsA6pTgIIx/IKYdRATBqsrdaBwr
>F
>> >M
>> >>
>>
>>kKhLez2kSeOcODLg1OOpGZ4EwQgZws/Qh1sMQOYjCpBF1W2/q+wvwV8Y8xn4V2MdK4
>C
>> >L
>> >> XTUWWLI=
>> >> =FOnb
>> >> -----END PGP SIGNATURE-----
>> >>
>> >> --
>> >> Become a medical transcriptionist at home, at your own pace.
>> >>
>> >>
>>
>>http://tagline.hushmail.com/fc/BLSrjkqfMmd367qFNEy5ii9ij3bU6df9tEP
>V
>> >YBzpFXa7E7s6QHH4MsdQbb6/
>> >>
>> >>
>> -----BEGIN PGP SIGNATURE-----
>> Charset: UTF8
>> Version: Hush 3.0
>> Note: This signature can be verified at
>https://www.hushtools.com/verify
>>
>>
>wpwEAQMCAAYFAkmttPMACgkQhNp8gzZx3sjzEwP+LKS6V4qJiWSZckzKh/oS5VSCWKZ
>6
>>
>1bV6uhWvfZKflCc19WDP0qvX/39nXQnciHu77C5t2rc1Sz8puZ4uqW9jvc1vSLB6Ixh
>k
>>
>f9kJc/Xqy3jz2QgQn7ljkTlfLhiylI1Y4DSnl/VH7gQfMFLCzFaPY7MkX596quYacZu
>3
>> eJKIjEU=
>> =MEss
>> -----END PGP SIGNATURE-----
>>
>> --
>> Thinking of a life with religion?  Click here to find a
>religious school
>> near you.
>>
>>
>http://tagline.hushmail.com/fc/BLSrjkqkOt23N64MfCBCDe7Ocvf3t1DcVFSD
>ppHSTZUDCQJQcaRhPY88GLe/
>>
>>
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAkmtum0ACgkQhNp8gzZx3shySwP+OZMe7L1APo1tHQGxgLBlTmxkyUZ9
jD9SakBnwfIuU0aPalwatTGBu+BHK6hIk9WGT1dtwFWLOddVCVKp0bxYXftfJDuBof0R
+d/NjrRgM8fbz4LEOMe+hmszkDjhvAoqYQYBVjCJ31BxQru7NUqM41Su7nOYCUmUtlAr
u+o2+pM=
=ER1V
-----END PGP SIGNATURE-----

--
Click to compare and save on auto insurance.
 http://tagline.hushmail.com/fc/BLSrjkqePmhghqMaGaggjPnPM0pjaa1RceGUNRckcAOdpQpjeXgN4mgu11G/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists