| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <355E82FB-529A-4D44-BB25-24E3B782425B@b3nji.com> Date: Thu, 15 Nov 2012 08:48:25 +0000 From: Benji <me@...ji.com> To: "nick@...us-l.demon.co.uk" <nick@...us-l.demon.co.uk> Cc: Full-Disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Skype account + IM history hijack vulnerability Also thank you for posting a link to a well known reference, that was super appreciated. Next time link something like OWASP, at least most whitehats don't laugh at them so you gain more credibility. Sent from my iPhone On 15 Nov 2012, at 03:45, "Nick FitzGerald" <nick@...us-l.demon.co.uk> wrote: > Benji wrote: > >> Oracle attacks? >> >> See into the future? >> Padding oracle attacks? >> Oracle SQL injections? > > You noobs... > > http://www.drdobbs.com/understanding-oracle-attacks-on-informat/184405917 > > (Don't get too tied up in the crypto stuff in that article.) > > klondike's point is that simply monitoring the response of the "user X > wants to change their password" web-form tells you whether there is, in > fact, a user named "X" on the system. That's kinda obvious from the > bash script klondike provided, and I don't do bash... > > > > Regards, > > Nick FitzGerald > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists