Date: Thu, 30 Aug 2012 08:54:45 +0100
From: Jacqui Caren <jacqui.caren@...world.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [SE-2012-01] information regarding recently
 discovered Java 7 attack

On 29/08/2012 19:53, Jeffrey Walton wrote:
> I once used DE Cert to report some issues with GnuPG on Windows.
> Interestingly, I was asked to provide funding for the fix even though
> I submitted sample code demonstrating the fix. (Crowd sourcing is a
> myth - don't drink the Kool-Aid).

When I worked for Cray, we found an mbuf allocation issue with Solaris.
Ten or so FTP sessions in VERY rapid succession could kill a top of the range
Sun server - kernel panic/shitty death every time! :-)

We provided a test case, and dev system dump analysis - and even worked out
the assembler tweak to the .a/.so required to eliminate the problem.

Sun's response? - Give us the 20K to fix it.

In the end we manually hacked the .a/.so and shipped the workaround to
our customers - IIRC Sun fixed it some three or four years later but
it was fun to be able to kill any Sun kit so easily using
nothing more than a sequence of 20 or so SYNs.
