Message-ID: <4A39C479.3030503@ckers.org>
Date: Wed, 17 Jun 2009 23:37:13 -0500
From: "sl@...r" <sl@...rs.org>
To: full-disclosure@...ts.grok.org.uk
Subject:  Regarding RSnake FD

Chill, the Apache folks said it was OK...maybe you should have read the 
whole post.

security@...che.org:
"DoS attacks by tying up TCP connections are expected. Please see:

http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos

Regards, Joe"

The Apache guys clearly stated that this was expected behavior, we 
simply made another test case for the "expected", why the outrage?

Additionally there are ways to defend against this already, which also 
cover other DoS attacks, not to mention most enterprises with load 
balancers aren't affected anyway (F5 and Netscaler tested).

-id
ha.ckers.org

 >Hey,
 >
 >Regarding this script-kiddie perfect tool
 >http://milw0rm.com/exploits/8976 and this article :
 >http://ha.ckers.org/blog/20090617/slowloris-http-dos/
 >
 >Are you fucking NUTS ?
 >
 >What's your point ? you wanna get famous ?, need attention or something ? or
 >it's a commercial issue ?
 >
 >What gives you the right to give that knowledge to any unknowledged kids
 >around ?
 >
 >You feel hot or wanna feel hot or something ?
 >
 >Dude, you're a fucking prick.
 >
 >Now lots of enterprises are in deep shit, feeling happy with it ?
 >Feeling the blackhat adrenaline growing in you ?
 >You're a kid that doesn't understand an oz of your disclosure.
 >
 >You're an asshole who doesn't even understand what means work in the security
 >industry.
 >I guess you're like Aelphaeis Mangarae, who like to talk about, why we
 >should say fuck u to FD while posting NOOBS paper about PHP security issue
 >on MILW0RM
 >GET A FUCKING BRAIN ASSHOLE, you're a real prick.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
