[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20090303233040.472D328042@smtp.hushmail.com>
Date: Tue, 03 Mar 2009 18:30:39 -0500
From: bobby.mugabe@...hmail.com
To: full-disclosure@...ts.grok.org.uk, security.mustache@...il.com
Subject: Re: Apple Safari ... DoS Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sir,
If you can't tell the difference between my father and my self,
then I will have trouble believing that you are the mustache and
not the man.
thanks,
- -bm
On Tue, 03 Mar 2009 18:21:23 -0500 Valdis' Mustache
<security.mustache@...il.com> wrote:
>Mr. Snarks,
>
>If you can't tell the difference between the Zimbabwean president
>and
>what's under my esteemed owner's nose I suggest you consult RFC
>2821
>for guidance.
>
>I am NOT amused.
>
>
>Your humble servant,
>V knír z Valdis
>
>On Tue, Mar 3, 2009 at 6:01 PM, Jason Starks
><jstarks440@...il.com> wrote:
>> Right..
>>
>>>On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com>
>wrote:
>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Mr. Stark,
>>
>> There.
>>
>> On Tue, Mar 3, 2009 at 5:56 PM, <bobby.mugabe@...hmail.com>
>wrote:
>>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Where?
>>>
>>> - -bm
>>>
>>> On Tue, 03 Mar 2009 17:54:51 -0500 Jason Starks
>>> <jstarks440@...il.com> wrote:
>>> >Mr. Mustache,
>>> >
>>> >There is a missing "s" on the end of my last name.
>>> >
>>> >Yours truly,
>>> >
>>> >Jason "Bench Press" Starks
>>> >
>>> >On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com>
>wrote:
>>> >
>>> >> -----BEGIN PGP SIGNED MESSAGE-----
>>> >> Hash: SHA1
>>> >>
>>> >> Mr. Stark,
>>> >>
>>> >> Adhering to the tradition of my fathers, I do not sport any
>>> >facial
>>> >> hair and take offense to your comment, and since you're
>>> >obviously
>>> >> lacking basic observational skills I highly doubt you're
>even as
>>> >> talented as my Cadburys, at anything.
>>> >>
>>> >> - -bm
>>> >>
>>> >> On Tue, 03 Mar 2009 11:11:35 -0500 Jason Starks
>>> >> <jstarks440@...il.com> wrote:
>>> >> >Mr. Mustache, it is obvious that I have more talent than a
>box
>>> >of
>>> >> >chocolates, and that you envy the sadistic nature of your
>>> >fellow
>>> >> >trolls on
>>> >> >this list. Point blank.
>>> >> >
>>> >> >On Tue, Mar 3, 2009 at 6:18 AM, <bobby.mugabe@...hmail.com>
>>> >wrote:
>>> >> >
>>> >> >> -----BEGIN PGP SIGNED MESSAGE-----
>>> >> >> Hash: SHA1
>>> >> >>
>>> >> >> Dear Valdis,
>>> >> >>
>>> >> >> I have been able to reproduce a similar situation using
>>> >Firefox
>>> >> >> under MacOSX, using different websites and a
>significantly
>>> >> >larger
>>> >> >> number of tabs. Do you think these issues might be
>related
>>> >or
>>> >> >are
>>> >> >> they operating system specific? What model of CPU were
>you
>>> >> >testing
>>> >> >> this issue under?
>>> >> >>
>>> >> >> Thanks,
>>> >> >> - -bm
>>> >> >>
>>> >> >> On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache
>>> >> >> <security.mustache@...il.com> wrote:
>>> >> >> >I would like to point out that I have been able to
>create a
>>> >> >"hung"
>>> >> >> >state in the Firefox browser by opening 30 simultaneous
>tabs
>>> >> >> >pointed
>>> >> >> >at http://www.welcometointernet.org/lawnmower/ and
>adding a
>>> >> >31st
>>> >> >> >tab
>>> >> >> >viewing http://www.hotrussianbrides.com.
>>> >> >> >
>>> >> >> >Also, I am not amused.
>>> >> >> >
>>> >> >> >
>>> >> >> >Your humble servant,
>>> >> >> >Ze Mustache von Kletnieks
>>> >> >> >
>>> >> >> >On Mon, Mar 2, 2009 at 10:29 PM,
>>> ><bobby.mugabe@...hmail.com>
>>> >> >> >wrote:
>>> >> >> >> -----BEGIN PGP SIGNED MESSAGE-----
>>> >> >> >> Hash: SHA1
>>> >> >> >>
>>> >> >> >> Dear Nick,
>>> >> >> >>
>>> >> >> >> You and Thierry Loller are wrong.
>>> >> >> >>
>>> >> >> >> - -bm
>>> >> >> >>
>>> >> >> >> On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald
>>> >> ><nick@...us-
>>> >> >> >> l.demon.co.uk> wrote:
>>> >> >> >>>Chris Evans to Thierry Zoller:
>>> >> >> >>>
>>> >> >> >>>> > Example
>>> >> >> >>>> > If a chrome tab can be crashed arbritarely
>(remotely)
>>> >it
>>> >> >is
>>> >> >> >a
>>> >> >> >>>DoS attack
>>> >> >> >>>> > but with ridiculy low impact to the end-user as it
>>> >only
>>> >> >> >>>crashes the tab
>>> >> >> >>>> > it was subjected to, and not the whole browser or
>>> >> >operation
>>> >> >> >>>system.
>>> >> >> >>>> > But the fact remains that this was the impact of a
>DoS
>>> >> >> >>>condition,
>>> >> >> >>>> > the tab crashes arbritarily.
>>> >> >> >>>>
>>> >> >> >>>> Eh? If you visit www.evil.com and your tab crashes,
>>> >that's
>>> >> >no
>>> >> >> >>>> different from www.evil.com closing its own tab with
>>> >> >> >Javascript.
>>> >> >> >>>
>>> >> >> >>>But what if www.evil.com has run an injection attack
>of
>>> >some
>>> >> >> >kind
>>> >> >> >>>(SQL,
>>> >> >> >>>XSS in blog comments, etc, etc) against
>www.stupid.com?
>>> >> >> >>>
>>> >> >> >>>Visitors to stupid.com then suffer a DoS...
>>> >> >> >>>
>>> >> >> >>>Yes, stupid.com should run their site better, fix
>their
>>> >> >myriad
>>> >> >> >XSS
>>> >> >> >>>holes,
>>> >> >> >>>etc, etc.
>>> >> >> >>>
>>> >> >> >>>But this is the Internet, so this "software flaw" can
>be
>>> >> >> >leveraged
>>> >> >> >>>as
>>> >> >> >>>security vulnerability.
>>> >> >> >>>
>>> >> >> >>>I'm with Thierry on this...
>>> >> >> >>>
>>> >> >> >>>
>>> >> >> >>>Regards,
>>> >> >> >>>
>>> >> >> >>>Nick FitzGerald
>>> >> >> >>>
>>> >> >> >>>
>>> >> >> >>>_______________________________________________
>>> >> >> >>>Full-Disclosure - We believe in it.
>>> >> >> >>>Charter: http://lists.grok.org.uk/full-disclosure-
>>> >> >charter.html
>>> >> >> >>>Hosted and sponsored by Secunia - http://secunia.com/
>>> >> >> >> -----BEGIN PGP SIGNATURE-----
>>> >> >> >> Charset: UTF8
>>> >> >> >> Version: Hush 3.0
>>> >> >> >> Note: This signature can be verified at
>>> >> >> >https://www.hushtools.com/verify
>>> >> >> >>
>>> >> >> >>
>>> >> >>
>>> >>
>>>
>>>>wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qv
>h
>>> >8
>>> >> >+
>>> >> >> >0
>>> >> >> >>
>>> >> >>
>>> >>
>>>
>>>>b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53f
>x
>>> >X
>>> >> >F
>>> >> >> >m
>>> >> >> >>
>>> >> >>
>>> >>
>>>
>>>>7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5
>e
>>> >A
>>> >> >h
>>> >> >> >p
>>> >> >> >> UpXIZ1s=
>>> >> >> >> =zgqd
>>> >> >> >> -----END PGP SIGNATURE-----
>>> >> >> >>
>>> >> >> >> --
>>> >> >> >> Become a medical transcriptionist at home, at your own
>>> >pace.
>>> >> >> >>
>>> >> >>
>>> >>
>>>
>>>>http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWaf
>c
>>> >7
>>> >> >c
>>> >> >> >DXj4iASDyccuLtQA2i9f1le/
>>> >> >> >>
>>> >> >> >> _______________________________________________
>>> >> >> >> Full-Disclosure - We believe in it.
>>> >> >> >> Charter: http://lists.grok.org.uk/full-disclosure-
>>> >> >charter.html
>>> >> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>> >> >> >>
>>> >> >> >
>>> >> >> >_______________________________________________
>>> >> >> >Full-Disclosure - We believe in it.
>>> >> >> >Charter: http://lists.grok.org.uk/full-disclosure-
>>> >charter.html
>>> >> >> >Hosted and sponsored by Secunia - http://secunia.com/
>>> >> >> -----BEGIN PGP SIGNATURE-----
>>> >> >> Charset: UTF8
>>> >> >> Version: Hush 3.0
>>> >> >> Note: This signature can be verified at
>>> >> >https://www.hushtools.com/verify
>>> >> >>
>>> >> >>
>>> >>
>>>
>>>wpwEAQMCAAYFAkmtEaMACgkQhNp8gzZx3shZFwQAjiE2W/WUkNHrLIu1lBRz6oeDV
>r
>>> >k
>>> >> >n
>>> >> >>
>>> >>
>>>
>>>TmV8TCcaDpsvkRmhNrKFXYObPEatdJ0po7Iul333mllga8+elMukkH15J7BwUZdGl
>N
>>> >A
>>> >> >5
>>> >> >>
>>> >>
>>>
>>>wpE6zNx8ks6L9qS9UxklE8BErdTfUY/OF5FK4aZ92JcngL1xFTkZlDJS0lvIKGry3
>v
>>> >j
>>> >> >u
>>> >> >> P7xAvvQ=
>>> >> >> =avqi
>>> >> >> -----END PGP SIGNATURE-----
>>> >> >>
>>> >> >> --
>>> >> >> Click to find great rates on health insurance, save big,
>shop
>>> >> >here.
>>> >> >>
>>> >> >>
>>> >>
>>>
>>>http://tagline.hushmail.com/fc/BLSrjkqeRcNd9NCXSJiZxV7gq821SXvgq2
>G
>>> >W
>>> >> >ai39WLJo4QlOxYCnjxaqn9u/
>>> >> >>
>>> >> >> _______________________________________________
>>> >> >> Full-Disclosure - We believe in it.
>>> >> >> Charter: http://lists.grok.org.uk/full-disclosure-
>>> >charter.html
>>> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>> >> >>
>>> >> -----BEGIN PGP SIGNATURE-----
>>> >> Charset: UTF8
>>> >> Version: Hush 3.0
>>> >> Note: This signature can be verified at
>>> >https://www.hushtools.com/verify
>>> >>
>>> >>
>>>
>>wpwEAQMCAAYFAkmtsnoACgkQhNp8gzZx3sgiJwQAnL87haXBbGW80ORA4Ufa7Leh0J
>S
>>> >g
>>> >>
>>>
>>XyPSdH32tRZUA+dJaRhoaWJt6HqaKAEltZgsqkrwsA6pTgIIx/IKYdRATBqsrdaBwr
>F
>>> >M
>>> >>
>>>
>>kKhLez2kSeOcODLg1OOpGZ4EwQgZws/Qh1sMQOYjCpBF1W2/q+wvwV8Y8xn4V2MdK4
>C
>>> >L
>>> >> XTUWWLI=
>>> >> =FOnb
>>> >> -----END PGP SIGNATURE-----
>>> >>
>>> >> --
>>> >> Become a medical transcriptionist at home, at your own pace.
>>> >>
>>> >>
>>>
>>http://tagline.hushmail.com/fc/BLSrjkqfMmd367qFNEy5ii9ij3bU6df9tEP
>V
>>> >YBzpFXa7E7s6QHH4MsdQbb6/
>>> >>
>>> >>
>>> -----BEGIN PGP SIGNATURE-----
>>> Charset: UTF8
>>> Version: Hush 3.0
>>> Note: This signature can be verified at
>https://www.hushtools.com/verify
>>>
>>>
>wpwEAQMCAAYFAkmttPMACgkQhNp8gzZx3sjzEwP+LKS6V4qJiWSZckzKh/oS5VSCWKZ
>6
>>>
>1bV6uhWvfZKflCc19WDP0qvX/39nXQnciHu77C5t2rc1Sz8puZ4uqW9jvc1vSLB6Ixh
>k
>>>
>f9kJc/Xqy3jz2QgQn7ljkTlfLhiylI1Y4DSnl/VH7gQfMFLCzFaPY7MkX596quYacZu
>3
>>> eJKIjEU=
>>> =MEss
>>> -----END PGP SIGNATURE-----
>>>
>>> --
>>> Thinking of a life with religion? Click here to find a
>religious school
>>> near you.
>>>
>>>
>http://tagline.hushmail.com/fc/BLSrjkqkOt23N64MfCBCDe7Ocvf3t1DcVFSD
>ppHSTZUDCQJQcaRhPY88GLe/
>>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0
wpwEAQMCAAYFAkmtvP8ACgkQhNp8gzZx3siqJgQArCC3Q9noiXDVZd93umNMtDrxmy3A
TGY2TbuHzn3cJrY35qj6pAEnNtTx88eDo1mUEZE2A6jFYr/9U+Mr/wsD94+24RVVx14i
uqE/CRX2+66Dp9GJyS2p5u5X3YwnJ3+d4jiOUtXZxhK8Q4QJXBcAH3DJGkGqgJUBAFLc
mYVnky4=
=EUMn
-----END PGP SIGNATURE-----
--
Upgrade your kitchen or bath with beautiful new countertops. Click now!
http://tagline.hushmail.com/fc/BLSrjkqb18CZCWUV7c3wawr5yyv0hZ2UBKVIEDK2LCipoCyDvrX6QJebVPi/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists