You do realize you're still going to be CC'd, don't you?<http://www.google.com/>
And OH MY GOD, my text somehow became a clickable link. Did you guys see that? Did you see my ground breaking exploit? I demand your respect right this second!@ On Sat, Jun 11, 2011 at 10:13 PM, -= Glowing Doom =- <sec...@gmail.com>wrote: > done.. bye! > > > > On 12 June 2011 13:12, -= Glowing Doom =- <sec...@gmail.com> wrote: > >> Yet i now stop... enjoy your pathetic,useless luist.. i will now >> unsubscribe :) >> thanks. >> >> >> >> On 12 June 2011 13:09, -= Glowing Doom =- <sec...@gmail.com> wrote: >> >>> Here again.... >>> >>> I will write a sentence now, and, i will just copy, so it is 'darkened' >>> text , then with NO backspace just leave the text darkened, and goto 'link' >>> , and enter a link.. the text will turn to red. >>> >>> >>> (this is the easiest way to reproduce it...) <http://www.haxxor-NOT.bs> >>> >>> >>> >>> >>> >>> On 12 June 2011 13:07, -= Glowing Doom =- <sec...@gmail.com> wrote: >>> >>>> I should have said just 'copy, then hit link... because the other one, >>>> is actually VERY hard to explain..but yes... backspace... has a bug with >>>> emails. Is this so hard for 500000 ppl to understand ? >>>> I am really shocked at the brubbish talk i have copped from this. >>>> >>>> >>>> >>>> On 12 June 2011 13:06, -= Glowing Doom =- <sec...@gmail.com> wrote: >>>> >>>>> Do the research... then call yourself a 'team'...please :s >>>>> >>>>> The PoC, is easy as hell to reproduce. I am shocked a team, cannot do >>>>> it.. >>>>> >>>>> even the easy one wich is just copy/backspace, and, hit link and enter >>>>> a link! >>>>> simple ? >>>>> >>>>> >>>>> >>>>> On 12 June 2011 12:52, Haxxor Security <h...@xxor.se> wrote: >>>>> >>>>>> As I (painfully tried to) understand it, secn3t can fool his own email >>>>>> client to create malformed links by pressing backspace... >>>>>> >>>>>> >>>>>> 2011/6/12 adam <a...@papsy.net> >>>>>> >>>>>>> At the end of the day, you're going to be treated like a child as >>>>>>> long as you continue to type like one. >>>>>>> >>>>>>> The entertaining part for me is how each of your replies contradicts >>>>>>> a previous one. According to you, this *vulnerability* *has existed >>>>>>> for years*. And also according to you, the reason why the original >>>>>>> email was filled with spelling errors is because it *was rushed out >>>>>>> due to you being "awake" at 6AM.* Do you see the inconsistency >>>>>>> between those two statements? Your response to Christian also indicated >>>>>>> that >>>>>>> you* **didn't just discover this*. >>>>>>> >>>>>>> IF this is an old vulnerability and IF you've known about it for an >>>>>>> extended period of time - WHY did you have to post it right when you >>>>>>> did? >>>>>>> It's old, you've known about it for a while, it's existed for years, >>>>>>> yet it >>>>>>> couldn't wait until later in the day? It couldn't wait until you had >>>>>>> time to >>>>>>> skim over the email and correct any spelling/grammar mistakes? It >>>>>>> absolutely >>>>>>> had to be posted right then and there? >>>>>>> >>>>>>> On Sat, Jun 11, 2011 at 9:14 PM, -= Glowing Doom =- < >>>>>>> sec...@gmail.com> wrote: >>>>>>> >>>>>>>> Thats why i the people who do understand it, can see that it is >>>>>>>> there... yes, VERY hard to expalin, id LOVE to see you try. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On 12 June 2011 12:11, adam <a...@papsy.net> wrote: >>>>>>>> >>>>>>>>> Furthermore, pretending that we [the readers] are somehow at fault >>>>>>>>> here (for not understanding) isn't going to get you very far. The >>>>>>>>> only thing >>>>>>>>> consistent in this entire thread is that people *kind of* want to >>>>>>>>> know what you're talking about, but aren't able to due to the poor >>>>>>>>> writing >>>>>>>>> style and spelling/grammar errors. >>>>>>>>> >>>>>>>>> It should be noted that no one is being anal about typos, I fully >>>>>>>>> understand that people make mistakes. The difference is that it >>>>>>>>> appears you >>>>>>>>> didn't even so much as proof read the original email. >>>>>>>>> >>>>>>>>> >>>>>>>>> On Sat, Jun 11, 2011 at 9:04 PM, phocean <0...@phocean.net> wrote: >>>>>>>>> >>>>>>>>>> Hi n3td3v... oops!... secn3t (that is close), >>>>>>>>>> >>>>>>>>>> Sorry but I don't understand anything to this thread. >>>>>>>>>> Each of your emails is such a pain to read, that I stop at the >>>>>>>>>> first >>>>>>>>>> sentence. >>>>>>>>>> We are all busy and don't want to take 20 min to decipher your >>>>>>>>>> writing >>>>>>>>>> with the risk that it is not deserving it. >>>>>>>>>> Please clarify and give consistent technical facts. >>>>>>>>>> >>>>>>>>>> Thanks. >>>>>>>>>> >>>>>>>>>> Le 12/06/2011 03:33, -= Glowing Doom =- a écrit : >>>>>>>>>> > This is NOT coded.. the PoC i am explaining, is possible with >>>>>>>>>> simply >>>>>>>>>> > copyying text,then using a sequence of keys, to make the actual >>>>>>>>>> > sentence/s, appear. >>>>>>>>>> > This code is not what shows up when it is dissected. >>>>>>>>>> > It shows up with many x41 all over the email when it is done >>>>>>>>>> properly . >>>>>>>>>> > Regards. >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > On 12 June 2011 11:29, Christian Sciberras <uuf6...@gmail.com >>>>>>>>>> > <mailto:uuf6...@gmail.com>> wrote: >>>>>>>>>> > >>>>>>>>>> > For those lazy enough to search: >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1 >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > Excerpt: >>>>>>>>>> > >>>>>>>>>> > Basicaly just compile this and you will get a 100% processor >>>>>>>>>> usage >>>>>>>>>> > by the compiled exploit and Csrss.exe >>>>>>>>>> > >>>>>>>>>> > #include <stdio.h> >>>>>>>>>> > int main(void) >>>>>>>>>> > { >>>>>>>>>> > while(1) >>>>>>>>>> > printf("\t\t\b\b\b\b\b\b"); >>>>>>>>>> > return 0; >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > How this helps in sending spam is beyond me. >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton < >>>>>>>>>> noloa...@gmail.com >>>>>>>>>> > <mailto:noloa...@gmail.com>> wrote: >>>>>>>>>> > >>>>>>>>>> > On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =- >>>>>>>>>> > <sec...@gmail.com <mailto:sec...@gmail.com>> wrote: >>>>>>>>>> > >>>>>>>>>> > > It is now, over 1yr old atleast and exists in >>>>>>>>>> riched20.dll. >>>>>>>>>> > > This PoC info is over for me also. >>>>>>>>>> > Microsoft had problems with a backspace in the past. >>>>>>>>>> Search for >>>>>>>>>> > "CSRSS >>>>>>>>>> > Backspace Bug". >>>>>>>>>> > >>>>>>>>>> > > [SNIP >>>>>>>>>> > >>>>>>>>>> > Jeff >>>>>>>>>> > >>>>>>>>>> > _______________________________________________ >>>>>>>>>> > Full-Disclosure - We believe in it. >>>>>>>>>> > Charter: >>>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html >>>>>>>>>> > Hosted and sponsored by Secunia - http://secunia.com/ >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > _______________________________________________ >>>>>>>>>> > Full-Disclosure - We believe in it. >>>>>>>>>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>>>>>>>> > Hosted and sponsored by Secunia - http://secunia.com/ >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> phocean >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Full-Disclosure - We believe in it. >>>>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Full-Disclosure - We believe in it. >>>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Full-Disclosure - We believe in it. >>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>>>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Full-Disclosure - We believe in it. >>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>>>> >>>>> >>>>> >>>> >>> >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/