Date: Fri, 23 Mar 2012 22:34:38 +0000
From: Dave <mrx@...pergander.org.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Apple IOS security issue pre-advisory record

And I thought curiosity killed only pussy cats.
I don't consider myself a security professional, but playing around with computers since the early 80's has certainly taught me that:

i) 	Most links in forums, emails, blogs etc. benefit only the poster when clicked upon.
ii)	Paranoia is healthy. If one runs a computer most people ARE out to get you.
iii)	Lots of people are smarter than I.
iv)	If the curiosity is irresistible... use a VM.
v)	Browse unknown sites with scripting/cookies/etc disabled or use wget/lynx or see above.
vi) 	Trust no one, Trust nothing.
vii)	At the first sign of compromise format and reinstall from trusted media.

I really shouldn't be trying to teach grannies to suck eggs but...
The last computer virus/compromise that affected a computer I owned, apart from those I purposely infect VMs with, was the Saddam virus on my Amiga.

Now in my smugness, I expect I will be handed my ass later....

que sera sera

QR tags (matrix barcode)  now there's some fun waiting to happen ;-)

Dave
	
On 23/03/2012 20:41, Gary Baribault wrote:
> I find it very unfortunate that 300 supposed security professionals
> clicked on a hidden link like that without first checking what it was,
> or if not simply ignoring it like I did!!!
> 
> Gary Baribault
> Courriel: gary@...ibault.net
> GPG Key: 0x685430d1
> Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1
> 
> 
> On 03/23/2012 12:34 PM, john doe wrote:
>> he he, good catch :)
>> Anyway, it doesn't hurt anybody: it's just a vote.
>> Well, let me explain. I'm a journalist (non IT, mainstream) preparing
>> an article about different internet communities behaviors. I've posted
>> similar messages talking about a security issue, pron pics, divx,
>> software and breaking news in several famous boards accordingly to
>> analyze the different related communities behaviors.
>> Each one links to a vote for different video contests so that I can
>> measure the hints.
>> Good to notice: this message has generated about 300 votes in the
>> first 15 minutes, making it the second score behind "divx" for now on.
>>
>> Thank you, and sorry for inconveniences (if any) !
>>
>> On Fri, Mar 23, 2012 at 1:59 PM, adam <adam@...sy.net> wrote:
>>
>>     That's pretty clever. But it doesn't work when people have tinyURL
>>     previews enabled.
>>
>>     URL:
>>     http://www.dailymotion.com/ajax/contest?*ajax_function=vote*&ajax_arg[]=41941248&ajax_arg[]=2223
>>     <http://www.dailymotion.com/ajax/contest?ajax_function=vote&ajax_arg[]=41941248&ajax_arg[]=2223>
>>
>>
>>     Response:
>>     +:{"message":"Thank you","status":1}
>>
>>     On Fri, Mar 23, 2012 at 7:14 AM, john doe <ninjaobsessed@...il.com> wrote:
>>
>>         Advisory Disclosure MD5: e29e5501dc2ca4d5fc06855762b14393
>>         Abstract <http://tinyurl.com/8xq2xcq>
>>
>>         Regards,
>>         _______________________________________________
>>         Full-Disclosure - We believe in it.
>>         Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>         Hosted and sponsored by Secunia - http://secunia.com/
