Dailydave mailing list archives
Re: Things that slipped the pwnie net.
From: Alexander Sotirov <alex () sotirov net>
Date: Sat, 24 Jul 2010 16:53:37 -0400
On Sat, Jul 24, 2010 at 02:58:40PM -0400, dave wrote:
> So my favourite bugs of the year that I didn't have time to write up for Pwnies:
>
> NGINX
> Finder: Chris Ries (http://www.kb.cert.org/vuls/id/180065)
> Exploit: Someone who probably doesn't want their name here.
> Reason: I've not seen hash collisions used in many exploits, but in this one it was necessary to evade Execshield. In any case, REMOTE ANONYMOUS WEB SERVER bugs are always first on my list for "awesomeness". This year was no exception.

NGINX got a pwnie nomination by proxy, Dr. Raid's song 'Pwned' mentions the NGINX bug in the intro:

  Dude, I saw you in fuckin' ZF0
  they got you and everyone in your fuckin' chan
  What?!? (You got 0wned)
  Dude, you got NGINX running on your fuckin' web server
  (That's how you got 0wned)
  Yeah dude, NGINX is good, what?
  They popped your box and took your damn key!
  Those pics of you and your sis, they base64 encoded that shit and dropped it in the zine
  They took you, your keys...they took *everything*

http://www.sophsec.com/pwned.mp3

> In "Crypto Bugs":
> The padding oracle attacks are clearly the winner when it comes to "annoying crypto things we have to learn about".

The padding oracle paper actually made it in, it's got a nomination in the research category.

Alex