Full Disclosure mailing list archives

Re: Apple Safari ... DoS Vulnerability

From: bobby.mugabe () hushmail com
Date: Tue, 03 Mar 2009 18:30:39 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sir,

If you can't tell the difference between my father and my self,
then I will have trouble believing that you are the mustache and
not the man.

thanks,
- -bm

On Tue, 03 Mar 2009 18:21:23 -0500 Valdis' Mustache
<security.mustache () gmail com> wrote:

Mr. Snarks,

If you can't tell the difference between the Zimbabwean president
and
what's under my esteemed owner's nose I suggest you consult RFC
2821
for guidance.

I am NOT amused.


Your humble servant,
V knír z Valdis

On Tue, Mar 3, 2009 at 6:01 PM, Jason Starks
<jstarks440 () gmail com> wrote:

Right..

On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe () hushmail com>

wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mr. Stark,


There.

On Tue, Mar 3, 2009 at 5:56 PM, <bobby.mugabe () hushmail com>

wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Where?

- -bm

On Tue, 03 Mar 2009 17:54:51 -0500 Jason Starks
<jstarks440 () gmail com> wrote:

Mr. Mustache,

There is a missing "s" on the end of my last name.

Yours truly,

Jason "Bench Press" Starks

On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe () hushmail com>

wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mr. Stark,

Adhering to the tradition of my fathers, I do not sport any

facial

hair and take offense to your comment, and since you're

obviously

lacking basic observational skills I highly doubt you're

even as

talented as my Cadburys, at anything.

- -bm

On Tue, 03 Mar 2009 11:11:35 -0500 Jason Starks
<jstarks440 () gmail com> wrote:

Mr. Mustache, it is obvious that I have more talent than a

box

of

chocolates, and that you envy the sadistic nature of your

fellow

trolls on
this list. Point blank.

On Tue, Mar 3, 2009 at 6:18 AM, <bobby.mugabe () hushmail com>

wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Valdis,

I have been able to reproduce a similar situation using

Firefox

under MacOSX, using different websites and a

significantly

larger

number of tabs.  Do you think these issues might be

related

or

are

they operating system specific?  What model of CPU were

you

testing

this issue under?

Thanks,
- -bm

On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache
<security.mustache () gmail com> wrote:

I would like to point out that I have been able to

create a

"hung"

state in the Firefox browser by opening 30 simultaneous

tabs

pointed
at http://www.welcometointernet.org/lawnmower/ and

adding a

31st

tab
viewing http://www.hotrussianbrides.com.

Also, I am not amused.


Your humble servant,
Ze Mustache von Kletnieks

On Mon, Mar 2, 2009 at 10:29 PM,

<bobby.mugabe () hushmail com>

wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Nick,

You and Thierry Loller are wrong.

- -bm

On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald

<nick@virus-

l.demon.co.uk> wrote:

Chris Evans to Thierry Zoller:

Example
If a chrome tab can be crashed arbritarely

(remotely)

it

is

DoS attack

but with ridiculy low impact to the end-user as it

only

crashes the tab

it was subjected to, and not the whole browser or

operation

system.

But the fact remains that this was the impact of a

DoS

condition,

the tab crashes arbritarily.


Eh? If you visit www.evil.com and your tab crashes,

that's

no

different from www.evil.com closing its own tab with

Javascript.


But what if www.evil.com has run an injection attack

of

some

kind

(SQL,
XSS in blog comments, etc, etc) against

www.stupid.com?


Visitors to stupid.com then suffer a DoS...

Yes, stupid.com should run their site better, fix

their

myriad

XSS

holes,
etc, etc.

But this is the Internet, so this "software flaw" can

be

leveraged

as
security vulnerability.

I'm with Thierry on this...


Regards,

Nick FitzGerald


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-

charter.html

Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at

https://www.hushtools.com/verify

wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qv

b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53f

7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5

UpXIZ1s=
=zgqd
-----END PGP SIGNATURE-----

--
Become a medical transcriptionist at home, at your own

pace.

http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWaf

DXj4iASDyccuLtQA2i9f1le/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-

charter.html

Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-

charter.html

Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at

https://www.hushtools.com/verify


wpwEAQMCAAYFAkmtEaMACgkQhNp8gzZx3shZFwQAjiE2W/WUkNHrLIu1lBRz6oeDV


TmV8TCcaDpsvkRmhNrKFXYObPEatdJ0po7Iul333mllga8+elMukkH15J7BwUZdGl


wpE6zNx8ks6L9qS9UxklE8BErdTfUY/OF5FK4aZ92JcngL1xFTkZlDJS0lvIKGry3

P7xAvvQ=
=avqi
-----END PGP SIGNATURE-----

--
Click to find great rates on health insurance, save big,

shop

here.


http://tagline.hushmail.com/fc/BLSrjkqeRcNd9NCXSJiZxV7gq821SXvgq2

ai39WLJo4QlOxYCnjxaqn9u/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-

charter.html

Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at

https://www.hushtools.com/verify

wpwEAQMCAAYFAkmtsnoACgkQhNp8gzZx3sgiJwQAnL87haXBbGW80ORA4Ufa7Leh0J

XyPSdH32tRZUA+dJaRhoaWJt6HqaKAEltZgsqkrwsA6pTgIIx/IKYdRATBqsrdaBwr

kKhLez2kSeOcODLg1OOpGZ4EwQgZws/Qh1sMQOYjCpBF1W2/q+wvwV8Y8xn4V2MdK4

XTUWWLI=
=FOnb
-----END PGP SIGNATURE-----

--
Become a medical transcriptionist at home, at your own pace.

http://tagline.hushmail.com/fc/BLSrjkqfMmd367qFNEy5ii9ij3bU6df9tEP

YBzpFXa7E7s6QHH4MsdQbb6/

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at

https://www.hushtools.com/verify

wpwEAQMCAAYFAkmttPMACgkQhNp8gzZx3sjzEwP+LKS6V4qJiWSZckzKh/oS5VSCWKZ
6

1bV6uhWvfZKflCc19WDP0qvX/39nXQnciHu77C5t2rc1Sz8puZ4uqW9jvc1vSLB6Ixh
k

f9kJc/Xqy3jz2QgQn7ljkTlfLhiylI1Y4DSnl/VH7gQfMFLCzFaPY7MkX596quYacZu
3

eJKIjEU=
=MEss
-----END PGP SIGNATURE-----

--
Thinking of a life with religion?  Click here to find a

religious school

near you.

http://tagline.hushmail.com/fc/BLSrjkqkOt23N64MfCBCDe7Ocvf3t1DcVFSD
ppHSTZUDCQJQcaRhPY88GLe/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAkmtvP8ACgkQhNp8gzZx3siqJgQArCC3Q9noiXDVZd93umNMtDrxmy3A
TGY2TbuHzn3cJrY35qj6pAEnNtTx88eDo1mUEZE2A6jFYr/9U+Mr/wsD94+24RVVx14i
uqE/CRX2+66Dp9GJyS2p5u5X3YwnJ3+d4jiOUtXZxhK8Q4QJXBcAH3DJGkGqgJUBAFLc
mYVnky4=
=EUMn
-----END PGP SIGNATURE-----

--
Upgrade your kitchen or bath with beautiful new countertops. Click now!
 http://tagline.hushmail.com/fc/BLSrjkqb18CZCWUV7c3wawr5yyv0hZ2UBKVIEDK2LCipoCyDvrX6QJebVPi/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Apple Safari ... DoS Vulnerability, (continued)
- - Re: Apple Safari ... DoS Vulnerability Jason Starks (Mar 03)
    - Re: Apple Safari ... DoS Vulnerability Jim Parkhurst (Mar 03)
- Re: Apple Safari ... DoS Vulnerability M.B.Jr. (Mar 03)
- Re: Apple Safari ... DoS Vulnerability bobby . mugabe (Mar 03)
  - Re: Apple Safari ... DoS Vulnerability Jason Starks (Mar 03)
- Re: Apple Safari ... DoS Vulnerability bobby . mugabe (Mar 03)
  - Re: Apple Safari ... DoS Vulnerability Jason Starks (Mar 03)
    - Re: Apple Safari ... DoS Vulnerability Valdis' Mustache (Mar 03)
    - Re: Apple Safari ... DoS Vulnerability Jason Starks (Mar 03)
- Re: Apple Safari ... DoS Vulnerability bobby . mugabe (Mar 03)
- Re: Apple Safari ... DoS Vulnerability bobby . mugabe (Mar 03)
- Re: Apple Safari ... DoS Vulnerability bobby . mugabe (Mar 03)
- Re: Apple Safari ... DoS Vulnerability Biz Marqee (Mar 04)
  - Re: Apple Safari ... DoS Vulnerability Jason Starks (Mar 04)
    - Re: Apple Safari ... DoS Vulnerability Valdis' Mustache (Mar 04)
    - Re: Apple Safari ... DoS Vulnerability Jason Starks (Mar 04)
  - Re: Apple Safari ... DoS Vulnerability Chris Evans (Mar 04)
- Re: Apple Safari ... DoS Vulnerability bobby . mugabe (Mar 04)
- Re: Apple Safari ... DoS Vulnerability bobby . mugabe (Mar 04)
  - Re: Apple Safari ... DoS Vulnerability Valdis' Mustache (Mar 04)
- Re: Apple Safari ... DoS Vulnerability bobby . mugabe (Mar 04)