Date: Tue, 03 Mar 2009 18:30:39 -0500
From: bobby.mugabe@...hmail.com
To: full-disclosure@...ts.grok.org.uk, security.mustache@...il.com
Subject: Re: Apple Safari ... DoS Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sir,

If you can't tell the difference between my father and my self,
then I will have trouble believing that you are the mustache and
not the man.

thanks,
- -bm

On Tue, 03 Mar 2009 18:21:23 -0500 Valdis' Mustache
<security.mustache@...il.com> wrote:
>Mr. Snarks,
>
>If you can't tell the difference between the Zimbabwean president and
>what's under my esteemed owner's nose I suggest you consult RFC 2821
>for guidance.
>
>I am NOT amused.
>
>
>Your humble servant,
>V knír z Valdis
>
>On Tue, Mar 3, 2009 at 6:01 PM, Jason Starks
><jstarks440@...il.com> wrote:
>> Right..
>>
>>>On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com> wrote:
>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Mr. Stark,
>>
>> There.
>>
>> On Tue, Mar 3, 2009 at 5:56 PM, <bobby.mugabe@...hmail.com> wrote:
>>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Where?
>>>
>>> - -bm
>>>
>>> On Tue, 03 Mar 2009 17:54:51 -0500 Jason Starks
>>> <jstarks440@...il.com> wrote:
>>> >Mr. Mustache,
>>> >
>>> >There is a missing "s" on the end of my last name.
>>> >
>>> >Yours truly,
>>> >
>>> >Jason "Bench Press" Starks
>>> >
>>> >On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@...hmail.com> wrote:
>>> >
>>> >> -----BEGIN PGP SIGNED MESSAGE-----
>>> >> Hash: SHA1
>>> >>
>>> >> Mr. Stark,
>>> >>
>>> >> Adhering to the tradition of my fathers, I do not sport any facial
>>> >> hair and take offense to your comment, and since you're obviously
>>> >> lacking basic observational skills I highly doubt you're even as
>>> >> talented as my Cadburys, at anything.
>>> >>
>>> >> - -bm
>>> >>
>>> >> On Tue, 03 Mar 2009 11:11:35 -0500 Jason Starks
>>> >> <jstarks440@...il.com> wrote:
>>> >> >Mr. Mustache, it is obvious that I have more talent than a box of
>>> >> >chocolates, and that you envy the sadistic nature of your fellow
>>> >> >trolls on this list. Point blank.
>>> >> >
>>> >> >On Tue, Mar 3, 2009 at 6:18 AM, <bobby.mugabe@...hmail.com> wrote:
>>> >> >
>>> >> >> -----BEGIN PGP SIGNED MESSAGE-----
>>> >> >> Hash: SHA1
>>> >> >>
>>> >> >> Dear Valdis,
>>> >> >>
>>> >> >> I have been able to reproduce a similar situation using Firefox
>>> >> >> under MacOSX, using different websites and a significantly larger
>>> >> >> number of tabs.  Do you think these issues might be related or are
>>> >> >> they operating system specific?  What model of CPU were you testing
>>> >> >> this issue under?
>>> >> >>
>>> >> >> Thanks,
>>> >> >> - -bm
>>> >> >>
>>> >> >> On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache
>>> >> >> <security.mustache@...il.com> wrote:
>>> >> >> >I would like to point out that I have been able to create a "hung"
>>> >> >> >state in the Firefox browser by opening 30 simultaneous tabs pointed
>>> >> >> >at http://www.welcometointernet.org/lawnmower/ and adding a 31st tab
>>> >> >> >viewing http://www.hotrussianbrides.com.
>>> >> >> >
>>> >> >> >Also, I am not amused.
>>> >> >> >
>>> >> >> >
>>> >> >> >Your humble servant,
>>> >> >> >Ze Mustache von Kletnieks
>>> >> >> >
>>> >> >> >On Mon, Mar 2, 2009 at 10:29 PM, <bobby.mugabe@...hmail.com> wrote:
>>> >> >> >> -----BEGIN PGP SIGNED MESSAGE-----
>>> >> >> >> Hash: SHA1
>>> >> >> >>
>>> >> >> >> Dear Nick,
>>> >> >> >>
>>> >> >> >> You and Thierry Loller are wrong.
>>> >> >> >>
>>> >> >> >> - -bm
>>> >> >> >>
>>> >> >> >> On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald <nick@...us-l.demon.co.uk> wrote:
>>> >> >> >>>Chris Evans to Thierry Zoller:
>>> >> >> >>>
>>> >> >> >>>> > Example
>>> >> >> >>>> > If a chrome tab can be crashed arbitrarily (remotely) it is a DoS attack
>>> >> >> >>>> > but with ridiculously low impact to the end-user as it only crashes the tab
>>> >> >> >>>> > it was subjected to, and not the whole browser or operation system.
>>> >> >> >>>> > But the fact remains that this was the impact of a DoS condition,
>>> >> >> >>>> > the tab crashes arbitrarily.
>>> >> >> >>>>
>>> >> >> >>>> Eh? If you visit www.evil.com and your tab crashes, that's no
>>> >> >> >>>> different from www.evil.com closing its own tab with Javascript.
>>> >> >> >>>
>>> >> >> >>>But what if www.evil.com has run an injection attack of some kind (SQL,
>>> >> >> >>>XSS in blog comments, etc, etc) against www.stupid.com?
>>> >> >> >>>
>>> >> >> >>>Visitors to stupid.com then suffer a DoS...
>>> >> >> >>>
>>> >> >> >>>Yes, stupid.com should run their site better, fix their myriad XSS holes,
>>> >> >> >>>etc, etc.
>>> >> >> >>>
>>> >> >> >>>But this is the Internet, so this "software flaw" can be leveraged as
>>> >> >> >>>security vulnerability.
>>> >> >> >>>
>>> >> >> >>>I'm with Thierry on this...
>>> >> >> >>>
>>> >> >> >>>
>>> >> >> >>>Regards,
>>> >> >> >>>
>>> >> >> >>>Nick FitzGerald
>>> >> >> >>>
>>> >> >> >>>
>>> >> >> >>>_______________________________________________
>>> >> >> >>>Full-Disclosure - We believe in it.
>>> >> >> >>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> >> >> >>>Hosted and sponsored by Secunia - http://secunia.com/
>>> >> >> >> -----BEGIN PGP SIGNATURE-----
>>> >> >> >> Charset: UTF8
>>> >> >> >> Version: Hush 3.0
>>> >> >> >> Note: This signature can be verified at https://www.hushtools.com/verify
>>> >> >> >> -----END PGP SIGNATURE-----
>>> >> >> -----BEGIN PGP SIGNATURE-----
>>> >> >> Charset: UTF8
>>> >> >> Version: Hush 3.0
>>> >> >> Note: This signature can be verified at https://www.hushtools.com/verify
>>> >> >> -----END PGP SIGNATURE-----
>>> >> -----BEGIN PGP SIGNATURE-----
>>> >> Charset: UTF8
>>> >> Version: Hush 3.0
>>> >> Note: This signature can be verified at https://www.hushtools.com/verify
>>> >> -----END PGP SIGNATURE-----
>>> -----BEGIN PGP SIGNATURE-----
>>> Charset: UTF8
>>> Version: Hush 3.0
>>> Note: This signature can be verified at https://www.hushtools.com/verify
>>> -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAkmtvP8ACgkQhNp8gzZx3siqJgQArCC3Q9noiXDVZd93umNMtDrxmy3A
TGY2TbuHzn3cJrY35qj6pAEnNtTx88eDo1mUEZE2A6jFYr/9U+Mr/wsD94+24RVVx14i
uqE/CRX2+66Dp9GJyS2p5u5X3YwnJ3+d4jiOUtXZxhK8Q4QJXBcAH3DJGkGqgJUBAFLc
mYVnky4=
=EUMn
-----END PGP SIGNATURE-----
