Date: Tue, 03 Mar 2009 18:19:43 -0500
From: bobby.mugabe@...hmail.com
To: full-disclosure@...ts.grok.org.uk, jstarks440@...il.com
Subject: Re: Apple Safari ... DoS Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Huh?

- -bm

On Tue, 03 Mar 2009 18:01:05 -0500 Jason Starks <jstarks440@...il.com> wrote:
>Right..
>
>>On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com> wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Mr. Stark,
>
>There.
>
>On Tue, Mar 3, 2009 at 5:56 PM, <bobby.mugabe@...hmail.com> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Where?
>>
>> - -bm
>>
>> On Tue, 03 Mar 2009 17:54:51 -0500 Jason Starks
>> <jstarks440@...il.com> wrote:
>> >Mr. Mustache,
>> >
>> >There is a missing "s" on the end of my last name.
>> >
>> >Yours truly,
>> >
>> >Jason "Bench Press" Starks
>> >
>> >On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com> wrote:
>> >
>> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> Hash: SHA1
>> >>
>> >> Mr. Stark,
>> >>
>> >> Adhering to the tradition of my fathers, I do not sport any facial
>> >> hair and take offense to your comment, and since you're obviously
>> >> lacking basic observational skills I highly doubt you're even as
>> >> talented as my Cadburys, at anything.
>> >>
>> >> - -bm
>> >>
>> >> On Tue, 03 Mar 2009 11:11:35 -0500 Jason Starks
>> >> <jstarks440@...il.com> wrote:
>> >> >Mr. Mustache, it is obvious that I have more talent than a box of
>> >> >chocolates, and that you envy the sadistic nature of your fellow
>> >> >trolls on
>> >> >this list. Point blank.
>> >> >
>> >> >On Tue, Mar 3, 2009 at 6:18 AM, <bobby.mugabe@...hmail.com> wrote:
>> >> >
>> >> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> >> Hash: SHA1
>> >> >>
>> >> >> Dear Valdis,
>> >> >>
>> >> >> I have been able to reproduce a similar situation using Firefox
>> >> >> under MacOSX, using different websites and a significantly larger
>> >> >> number of tabs. Do you think these issues might be related or are
>> >> >> they operating system specific? What model of CPU were you testing
>> >> >> this issue under?
>> >> >>
>> >> >> Thanks,
>> >> >> - -bm
>> >> >>
>> >> >> On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache
>> >> >> <security.mustache@...il.com> wrote:
>> >> >> >I would like to point out that I have been able to create a "hung"
>> >> >> >state in the Firefox browser by opening 30 simultaneous tabs pointed
>> >> >> >at http://www.welcometointernet.org/lawnmower/ and adding a 31st tab
>> >> >> >viewing http://www.hotrussianbrides.com.
>> >> >> >
>> >> >> >Also, I am not amused.
>> >> >> >
>> >> >> >
>> >> >> >Your humble servant,
>> >> >> >Ze Mustache von Kletnieks
>> >> >> >
>> >> >> >On Mon, Mar 2, 2009 at 10:29 PM, <bobby.mugabe@...hmail.com> wrote:
>> >> >> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> >> >> Hash: SHA1
>> >> >> >>
>> >> >> >> Dear Nick,
>> >> >> >>
>> >> >> >> You and Thierry Loller are wrong.
>> >> >> >>
>> >> >> >> - -bm
>> >> >> >>
>> >> >> >> On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald
>> >> >> >> <nick@...us-l.demon.co.uk> wrote:
>> >> >> >>>Chris Evans to Thierry Zoller:
>> >> >> >>>
>> >> >> >>>> > Example
>> >> >> >>>> > If a chrome tab can be crashed arbitrarily (remotely) it is a DoS attack
>> >> >> >>>> > but with ridiculously low impact to the end-user as it only crashes the tab
>> >> >> >>>> > it was subjected to, and not the whole browser or operation system.
>> >> >> >>>> > But the fact remains that this was the impact of a DoS condition,
>> >> >> >>>> > the tab crashes arbitrarily.
>> >> >> >>>>
>> >> >> >>>> Eh? If you visit www.evil.com and your tab crashes, that's no
>> >> >> >>>> different from www.evil.com closing its own tab with Javascript.
>> >> >> >>>
>> >> >> >>>But what if www.evil.com has run an injection attack of some kind (SQL,
>> >> >> >>>XSS in blog comments, etc, etc) against www.stupid.com?
>> >> >> >>>
>> >> >> >>>Visitors to stupid.com then suffer a DoS...
>> >> >> >>>
>> >> >> >>>Yes, stupid.com should run their site better, fix their myriad XSS holes,
>> >> >> >>>etc, etc.
>> >> >> >>>
>> >> >> >>>But this is the Internet, so this "software flaw" can be leveraged as
>> >> >> >>>security vulnerability.
>> >> >> >>>
>> >> >> >>>I'm with Thierry on this...
>> >> >> >>>
>> >> >> >>>
>> >> >> >>>Regards,
>> >> >> >>>
>> >> >> >>>Nick FitzGerald
>> >> >> >>>
>> >> >> >>>
>> >> >> >>>_______________________________________________
>> >> >> >>>Full-Disclosure - We believe in it.
>> >> >> >>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> >> >> >>>Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/