On Tue, 04 May 2010 14:55:19 CDT, Marsh Ray said:
> Hardware hacking is a magnificent example of something everyone has
> always known was possible and largely pretended didn't exist.
Unless of course you knew it was going to happen and left something for the
hardware hackers to find:
http://mic
On 5/1/2010 1:23 PM, Georgi Guninski wrote:
> ok, we had a flame.
>
> what is the newest category of sekurity bugz that is considered elite?
I had to think about this a few days.
My nomination for 'most leet' is the exploitation of hardware on the die
of the chip:
“Tarnovsky’s examination proces
Dan Kaminsky to me to him:
> >> I really like the hash length declaration bugs, where the client can
> >> tell the server how many bytes of a hash need to be validated. (Yep,
> >> you just say "one byte is plenty")
> >>
> >> SNMPv3 and XML-DSIG both fell to this, catastrophically.
> >
> > I thoug
On Sat, May 1, 2010 at 11:23 AM, Georgi Guninski wrote:
> ok, we had a flame.
>
> what is the newest category of sekurity bugz that is considered elite ?
chained vulns of local arb. exec followed by vm break-out. all the vm
implementers in their mad rush for feature rich are expanding attack
surf
On May 1, 2010, at 8:30 PM, Nick FitzGerald
wrote:
> Dan Kaminsky wrote:
>
>> I really like the hash length declaration bugs, where the client can
>> tell the server how many bytes of a hash need to be validated. (Yep,
>> you just say "one byte is plenty")
>>
>> SNMPv3 and XML-DSIG both fe
Lately, it seems that the old has become new :)
D
On Sat, May 1, 2010 at 6:30 PM, Nick FitzGerald
wrote:
> Dan Kaminsky wrote:
>
>> I really like the hash length declaration bugs, where the client can
>> tell the server how many bytes of a hash need to be validated. (Yep,
>> you just say "one b
full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] newest category of security bugs considered elite ?
>
> ok, we had a flame.
>
> what is the newest category of sekurity bugz that is considered elite ?
>
> basically, int. over., BO are generally considered elite yet bar
Dan Kaminsky wrote:
> I really like the hash length declaration bugs, where the client can
> tell the server how many bytes of a hash need to be validated. (Yep,
> you just say "one byte is plenty")
>
> SNMPv3 and XML-DSIG both fell to this, catastrophically.
I thought Georgi asked for the
I really like the hash length declaration bugs, where the client can
tell the server how many bytes of a hash need to be validated. (Yep,
you just say "one byte is plenty")
SNMPv3 and XML-DSIG both fell to this, catastrophically.
On May 1, 2010, at 2:23 PM, Georgi Guninski
wrote:
> o
ok, we had a flame.
what is the newest category of sekurity bugz that is considered elite ?
basically, int. over., BO are generally considered elite yet barely new.
XSS probably is not elite by 3l33t majority opinion.
i was looking in the past and my heart was not beating fast ;-)
--
joro