Full Disclosure mailing list archives
Re: Full Disclosure Awards
From: Martin Ekendahl <martin () hardlined com>
Date: Tue, 5 Aug 2003 13:58:35 -0500
hahaha, I hope you will keep this "weekly award" thing up, it's a nice refreshing change from the usual tone of the list.

On Tue, 5 Aug 2003 08:15:08 -0400 "Mortis" <m0rtis () adelphia net> wrote:

Good morning Ladies and Gentlemen,

I'm glad you could come to the semi-weekly Full Disclosure Award Ceremony. It's been an exciting week and the judges are having a hard time making their decision. You decide...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We have three contenders for the "No Sh*t, Sherlock" award this week:

a) Ben Moeckel (ben.moeckel () badwebmasters net) for his lovely copyrighted write-up letting us all know "When webbrowsers parse html they remove special chars, this behavior may be used by an malicious user to fool script/html-filters in webapplications". We never thought of that, Ben. Got any more tricks up your sleeve?

b) Richard M. Smith (rms () computerbytesman com) for letting us know he found a way to deliver a file to a program that is made to read files. And has no known vulnerabilities. On one operating system and browser. Thanks, Dick, we needed something like that! It operates as designed... let's call the press.

c) gyrniff (b240503 () gyrniff dk) for the brilliant observation that recent MS operating systems talk to MS on the internet by default. If MS hadn't said so and we hadn't read about it in the press about 6 years ago, we might act surprised.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We have FOUR contenders for the "I would just like to announce that I am a moron" award. Yes, you heard me. Four. Sometimes you have to wait months for gems like these, folks, but not on FD:

a) Kyp Durron (kdurron () hotmail com) for forwarding us the headers from his message that may or may not have been from Microsoft. Like it was somehow more special than the other 800 spams we got over the weekend. Slap yourself with the clue stick, Kyp. Most of us get the same spam in our own mailboxes. All the time. Can you imagine that? Richard researches this topic. He may be interested in the extra copies.

b) Kaveh Mofidi (admin () securetarget net) for the "Recycle Bin Unavailability of Service". He just called to let us know that he found a harmless minor bug in the Microsoft GUI that has no bearing on security whatsoever. But it made you look, didn't it! Thanks, man. Please send the $4,238 worth of people's time that you wasted to a good charity. Oh, wait, don't bother. Anyone who wasted their time deserved it.

c) Harshul Nayak (harshul () ealcatraz com) for observing back to the list the exact information that the original poster did. And for making it sound like he was contradicting them. Come to think about it, maybe this one should come off the list. I think he was making a funny.

d) Justin Shin (zorkshin () tampabay rr com) just for being him. Quotes o' the week:

"This probably sounds like a really stuuuuuuupid question ... When I ran ... exploit ... tried to create a share ... connect to share, I am forced to login as Guest ... Is it just me or is it something else??"
***** It's just you. *****

"Because, I have so much time that I can waste being a 1337h4x0r and screwing around with other people's computer"
***** We thought this might be the case. *****

"Sounds like it was poorly written"
***** based on the size of an executable: good analysis! *****

"I have observed this on one of my client's computers as well"
***** Please tell us UR kidding *****

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I suppose we need to give away two awards for good posts. Thanks, boyz.

a) [SEC-LABS TEAM]: (noreply () sec-labs hack pl) For their Win32 Device Drivers Communication Vulnerabilities + PoC for Symantec Norton AntiVirus '2002 (probably all versions) Device Driver. Sweet.

b) dong-h0un U [xploit () hackermail com] for the nicely coded wu-ftpd-2.6.2 off-by-one remote exploit. You the man, noon_dong.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I need to send a special note to morning_wood, too, for his special treasure "HTML FORMATED MAIL ( ie - oe - html ) bgsound local file - ding?". Picture this. Picture Mortis sitting at computer in bedroom. Picture alarm clock, 3:43 am. Picture Lady Death sleeping in bed near computer. Picture nice computer with good sound card and Dolby 5.1 surround sound. Picture Mortis clicking on email to see what ding ding about. Picture DING! DING! DING! DING! DING! DING!... You s*ck, morning_wood. I hate you. Lady Death is p*ssed. No s3x. I will get you for this. I usually like funny, but not this time.

--
I'm dead,
m0rtis

P.S. Greets to Brent who is crabbier than Mortis.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
--
/*
"To avoid all evil, to cultivate good, and to cleanse one's mind this is the teaching of the Buddhas."

Martin Ekendahl
http://www.hardlined.com
martin () hardlined com
*/