lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-id: <4A2670E7.2919.7AF5C48C@nick.virus-l.demon.co.uk>
Date: Thu, 04 Jun 2009 00:47:35 +1200
From: Nick FitzGerald <nick@...us-l.demon.co.uk>
To: FD <full-disclosure@...ts.grok.org.uk>
Subject: Re: TPTI-09-03: Apple iTunes Multiple Protocol
 Handler Buffer Overflow Vulnerabilities

Thierry Zoller to Will Drewry:

> WD> Here's the (mac) exploit module to go along with my simul-report to
> WD> apple:  http://static.dataspill.org/releases/itunes/itms_overflow.rb
> 
> OMFG, you must by kidding, are we 1999 again ?? Classical Stack buffer
> overflow in URL request ?! ..o m f g =) Nice find!

You must be wrong!

It's a well-known fact -- just ask any Apple fanboi -- that Macs are 
invulnerable to security exploits of any kind because they are based on 
Unix-ish and/or open source code and/or are developed by far cooler 
_and_ cleverer dudes than anyone who ever worked at MS (or anywhere 
else for that matter, except NeXT) and/or because Steve (the sun shines 
out my orifices) Jobs said so...

So, now we've established that you are wrong, HTF can anyone at Apple 
seriously claim their shit is worth bottling given they keep getting 
caught with such egregiously crappy bugs in their code?

And how is it that folk who really should know better keep feeding this 
line of BS?

Oh, that's right, they need to justify the grossly excessive cost of 
those non-Windows x86 machines they've been buying the last few 
years...



Regards,

Nick FitzGerald


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ