Message-ID: <20130629203651.GF4143@prism.coolhandluke.org>
Date: Sat, 29 Jun 2013 20:36:51 +0000
From: Cool Hand Luke <coolhandluke@...lhandluke.org>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Denial of Service in WordPress

On 06/28, Julius Kivimäki wrote:
> If one wants to conduct such attacks, would it not be a million times
> easier for them to use infected hosts to do thousands of requests per
> second? (Per computer). Can you come up with a scenario where this "attack"
> would actually be useful?

no, he can't. there isn't such a scenario. this is one of those
situations where in theory he is correct but in reality this is simply
not an issue.

there are a thousand other attacks one could do that would be more
efficient and more effective (which others have been trying to explain
to him) but he refuses to listen and insists this is a major problem.

this is *not* an issue -- which is why everyone has been ignoring it for
5.5 years.

-chl

--
cool hand luke

