Full Disclosure mailing list archives
Re: Skype account + IM history hijack vulnerability
From: Benji <me () b3nji com>
Date: Thu, 15 Nov 2012 19:02:20 +0000
I'll make one point. Google 'oracle attack'. The only result that comes up related to your naming meaning is the one posted here. The rest are the obvious examples. But whatever, you seem to be vulnerable to the one d eye oh 7 vulnerability. Sent from my iPhone On 15 Nov 2012, at 18:59, klondike <klondike () klondike es> wrote:
El 15/11/12 09:47, Benji escribió:Sometimes when people argue over the definition of '0day', it is important to be clear.I never called my attack a 0-day, did I?Although the bash script made it clear, I have never ever seen someone call 'user enumeration' an 'oracle attack'.Turns out I have never seen anybody call an 'oracle attack' 'user enumeration'.Probably because this is 2012 and the Matrix hasn't just come out.Probably because the attack won't give you the whole list of usernames but instead tell you which e-mails (not necessarily being an username) on your list are on its list. Also turns out the concept of oracle has been in use on the computation world way before you think and before the OWASP guys arbitrarily decided such a name in, amongst others, the complexity theorems that keep the cryptography used nowadays secure, so, please, stop acting childishly over something as stupid as the name of the attack and concentrate instead on the exposed issue. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: **VL-JUNK** Re: Skype account + IM history hijack vulnerability, (continued)
- Re: **VL-JUNK** Re: Skype account + IM history hijack vulnerability Chris C. Russo (Nov 14)
- Re: **VL-JUNK** Re: Skype account + IM history hijack vulnerability Christian Sciberras (Nov 14)
- Re: **VL-JUNK** Re: Skype account + IM history hijack vulnerability Georgi Guninski (Nov 14)
- Re: **VL-JUNK** Re: Skype account + IM history hijack vulnerability Chris C. Russo (Nov 14)
- Re: Skype account + IM history hijack vulnerability klondike (Nov 14)
- Re: Skype account + IM history hijack vulnerability Benji (Nov 14)
- Re: Skype account + IM history hijack vulnerability klondike (Nov 14)
- Re: Skype account + IM history hijack vulnerability Nick FitzGerald (Nov 14)
- Re: Skype account + IM history hijack vulnerability Benji (Nov 15)
- Re: Skype account + IM history hijack vulnerability klondike (Nov 15)
- Re: Skype account + IM history hijack vulnerability Benji (Nov 15)
- Re: Skype account + IM history hijack vulnerability Benji (Nov 15)
- Re: Skype account + IM history hijack vulnerability Benji (Nov 14)
- Re: Skype account + IM history hijack vulnerability Benji (Nov 15)