> Actually, it does parse correctly. Go read RFC 1738.
IIRC, RFC 3986 "fixes" that, and so does https://url.spec.whatwg.org/.
/mz
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: ht
> If you change "http://1.2.3.4/" in your Safari code:
> some URL in the real world (for example, dailymail.co.uk).
> Your code won't work (page of target domain is simply loaded).
Sure, but that's pretty obvious.
/mz
Well...
http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html
On Thu, May 28, 2015 at 10:47 PM, David Leo wrote:
> Proof of concept:
> http://www.deusen.co.uk/items/iwhere.9500182225526788/
> It works on fully patched versions of iOS and OS X.
> How it works:
> Just keep try
> to reference this issue at all. Does anyone know if it has a different
> CVE number or what happened here?
Looks like: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5689
> Clang and its analyzers found a number of issues a couple of years
> ago. As far as I know, the results were dismissed. See "Clang 3.3 and
> Scan-Build results",
Well, I can kinda sympathize. Somebody took one of my OSS projects
(p0f) and ran it through a static analyzer a while ago (the analyze
> Richard and the team certainly have been busy bees:
> https://www.sqlite.org/src/timeline?n=152&y=ci&v=0&ym=2015-04&t=trunk
Yup. In addition to the crashes, I also sent them probably around
50-60 assert failures in debug builds, at their request. Most of them
are probably not security relevant,
SQLite is probably the most popular embedded database in use today; it
is also known for being very well-tested and robust.
Because of its versatility, SQLite sometimes finds use as the
mechanism behind SQL-style query APIs that are exposed between
privileged execution contexts and less-trusted co
> Fuzzing bmp2tiff, using the afl-fuzzer, revealed an integer overflow issue
> related to the dimensions of the input BMP image.
It's probably worth noting that although the bundled utilities are
pretty buggy, there are also several bugs affecting the libtiff
library itself that can be hit with af
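The advisory quoted above concerns an integer overflow in the handling of an input image's dimensions. The block below is an added example written for this page, not code from bmp2tiff, libtiff or the original post, and it shows the general pattern rather than the specific bug (which the post does not detail): the buffer size of a BMP-style image is derived from width, height and bits per pixel, and a 32-bit product of header fields can wrap to a small value before any allocation or bounds check ever sees it. `naive_image_bytes` is the wrapping computation, `checked_image_bytes` the hardened one; the header values in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not libtiff/bmp2tiff code. BMP rows are padded to a
 * multiple of 4 bytes; both functions below use that convention. */

/* The unsafe pattern: all arithmetic in uint32_t, so width * bpp and
 * row_bytes * height can wrap silently. A wrapped result looks like a
 * small, valid buffer size and later row writes run off the end. */
uint32_t naive_image_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t row_bytes = ((width * bpp + 31) / 32) * 4;
    return row_bytes * height;
}

/* Hardened version. Validates bpp against the values BMP allows,
 * rejects zero dimensions, does the row computation in 64 bits and
 * checks the final product against SIZE_MAX before it is returned as a
 * size_t. Returns 0 on success (result in *out), -1 on rejection. */
int checked_image_bytes(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t *out)
{
    switch (bpp) {
    case 1: case 4: case 8: case 16: case 24: case 32:
        break;
    default:
        return -1;
    }
    if (width == 0 || height == 0)
        return -1;

    /* width < 2^32 and bpp <= 32, so this product fits in 64 bits. */
    uint64_t row_bytes = (((uint64_t)width * bpp + 31) / 32) * 4;

    /* row_bytes * height must fit in size_t; check by division so the
     * multiplication itself cannot overflow (row_bytes can reach 2^34,
     * height 2^32, so a plain 64-bit multiply is not safe either). */
    if (row_bytes > (uint64_t)SIZE_MAX / height)
        return -1;

    *out = (size_t)(row_bytes * height);
    return 0;
}

/* Convenience wrapper: the byte count, or 0 if the header was rejected.
 * A valid image never has a 0-byte pixel buffer, so 0 is unambiguous. */
size_t image_bytes_or_zero(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t bytes;
    if (checked_image_bytes(width, height, bpp, &bytes) != 0)
        return 0;
    return bytes;
}

int main(void)
{
    /* Constructed header values: 2^28 pixels wide, 1 row, 32 bpp.
     * width * bpp is 2^33, which wraps to 0 in uint32_t. */
    uint32_t w = 0x10000000u, h = 1, bpp = 32;

    printf("naive:   %u bytes\n", naive_image_bytes(w, h, bpp));
    printf("checked: %zu bytes\n", image_bytes_or_zero(w, h, bpp));
    return 0;
}
```

The division-based check is deliberately portable; on compilers that offer it, `__builtin_mul_overflow` expresses the same test more directly.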
> See http://mis.fortunecook.ie for the rest.
I think you might have accidentally pasted the wrong link. This one
doesn't seem to contain additional information.
Cheers,
/mz
Many Linux distributions ship with the 'less' command automagically
interfaced to 'lesspipe'-type scripts, usually invoked via LESSOPEN.
This is certainly the case for CentOS and Ubuntu.
Unfortunately, many of these scripts appear to call a rather large
number of third-party tools that likely have
Yo,
Many shell users, and certainly a lot of the people working in
computer forensics or other fields of information security, have a
habit of running /usr/bin/strings on binary files originating from the
Internet. Their understanding is that the tool simply scans the file
for runs of printable ch
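The model described above, a tool that does nothing but look for runs of printable characters, is what the scanner below implements. It is an added example written for this page, not code from binutils or from the original post: the input is treated as opaque bytes, no file format is ever interpreted, and every maximal run of at least `min_run` printable bytes is reported. The sample blob and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: a printable-run scanner in the spirit of what users
 * assume /usr/bin/strings does. Not binutils code. The input is opaque
 * bytes; nothing here knows about ELF, PE or any other container. */

/* Printable in the ASCII sense: 0x20..0x7e plus TAB. */
static int is_printable_byte(uint8_t c)
{
    return (c >= 0x20 && c <= 0x7e) || c == '\t';
}

/* Callback invoked for each run found; start is not NUL-terminated. */
typedef void (*run_cb)(const uint8_t *start, size_t len, void *ctx);

/* Scans buf[0..len) and reports every maximal run of at least min_run
 * printable bytes through cb (which may be NULL). Returns the number of
 * runs reported. A run ends at any non-printable byte or at the end of
 * the buffer, so the scan never reads past len. */
size_t scan_printable_runs(const uint8_t *buf, size_t len, size_t min_run,
                           run_cb cb, void *ctx)
{
    size_t count = 0;
    size_t i = 0;

    if (min_run == 0)
        min_run = 1;

    while (i < len) {
        if (!is_printable_byte(buf[i])) {
            i++;
            continue;
        }
        size_t start = i;
        while (i < len && is_printable_byte(buf[i]))
            i++;
        if (i - start >= min_run) {
            count++;
            if (cb)
                cb(buf + start, i - start, ctx);
        }
    }
    return count;
}

/* Constructed sample: a few non-printable bytes around four ASCII
 * fragments of lengths 3, 11, 3 and 10. Not a real file. */
const uint8_t sample_blob[] = {
    0x7f, 'E', 'L', 'F', 0x02, 0x01, 0x01, 0x00, 0x00, 0x00,
    'h', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd', 0x00,
    0x01, 0x02, 'a', 'b', 'c', 0x00,
    '/', 'l', 'i', 'b', '/', 'l', 'd', '.', 's', 'o', 0x00, 0xff, 0xfe
};
const size_t sample_blob_len = sizeof sample_blob;

static void print_run(const uint8_t *start, size_t len, void *ctx)
{
    (void)ctx;
    printf("%.*s\n", (int)len, (const char *)start);
}

int main(void)
{
    /* With the conventional minimum of 4, "ELF" and "abc" are skipped. */
    size_t n = scan_printable_runs(sample_blob, sample_blob_len, 4,
                                   print_run, NULL);
    printf("%zu runs\n", n);
    return 0;
}
```

Reading the whole file through a function like this, rather than through anything that first tries to understand the container format, is the behaviour the habit described above assumes.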
> Can I quote you on:
> PS. There are no other bugs in bash.
There's no proof I ever said that!
/mz
> Worse than heartbleed?
In what way? It doesn't have a logo, so it's a bit better in my book.
But seriously, yup, it's probably worse - it likely affects more sites
and trivially gives you remote shell.
I have written down some technical details about the issue and the
problems with all the pat
Yello,
The recent release of Firefox 32 fixes another interesting image
parsing issue found by afl [1]: following a refactoring of memory
management code, the past few versions of the browser ended up using
uninitialized memory for certain types of truncated images, which is
easily measurable with
Hey all,
Since I haven't really ever properly done it, I wanted to "officially"
announce american fuzzy lop, a novel instrumentation-driven fuzzer
that, among other things, had some luck finding a bunch of fairly
interesting image parsing security issues (e.g., CVE-2013-6629,
CVE-2013-6630).
http
> What kind of response are you expecting from the various distros on this
> exactly? Having "noglob" option enabled by default on all the shells on
> the system?
rm /bin/rm
> We wanted to inform all major *nix distributions via our responsible
> disclosure policy about this problem before posting it
I'm not sure how to put it mildly, but I think you might have been
scooped on this some 1-2 decades ago...
Off the top of my head, there's a rant about this behavior in
OK, this is more fun than any immediate risk...
Those of you who follow web security topics probably remember that
until mid-2010, you could extract very substantial chunks of one's
browsing history by applying distinctive styling to thousands of
off-screen :visited links and then reading that inf
> I could distill that to layman's terms:
> "Hurting someone else and making money at their expense."
Well, kind of, but that's essentially the definition of all short-term
stock trading: you're betting that somebody else is wrong and want to
profit from their loss.
/mz
> I'd be interested to see analyses of short-term effects of breaches.
A friend of mine pointed me to this paper:
http://www.heinz.cmu.edu/~rtelang/tse_published.pdf
I have issues with the methodology - most notably, the study covers
only 150 bugs out of thousands of qualifying ones; half of them f
> Among others, according to
> www.sfgate.com/business/article/Investors-undeterred-by-data-breaches-5505309.php
> it seems that also after data breaches like Target's there isn't any
> long-term impact on stock markets.
Well, the business plan here is not to cause breaches, right? ;-)
/mz
> vulnerabilities to the public. For this I need help getting the filing fees
> necessary to incorporate a hedge fund. I want to continue bringing issues
> in companies that put you at risk to light, and short the stocks of those
> companies when I do so.
It's practically unheard of to see stocks
> 90 out of 100 security flaws in the past years were from the
> category "why should I bother about this and that, it is unlikely"
If possible, I'd like to hear more about this.
/mz
> the existence of "C:\Program.exe" must not have any bad effect
> for any random installer not intending to execute this
Sounds like a good goal. The installer probably also shouldn't play
obscene messages via PC speaker. If it did, it would be undesirable
and probably considered a bug.
Now, in
> It's bullshit. They say: 'A missing bounds check in the handling of the
> variable "DOPENSSL_NO_HEARTBEATS"'. That's not a variable, the "D" is
> not actually part of the name, and it's a compile-time macro that
> configures whether heartbeats will be compiled in or not. And because
> it's a comp
> http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
Uh huh. And here's a fairly unequivocal rebuttal:
http://icontherecord.tumblr.com/post/82416436703/statement-on-bloomberg-news-story-that-nsa-knew
There's not a whole lot of wiggle room. It's p
> 1. inclusive of [1..3] above
> 2. replace all operating systems
> 3. audit or replace all user data
And also burn the hardware, given that if you're assuming the
worst-case scenario, all your firmware is now replaced with that of
Roomba.
I mean, it's a very cool bug. I'm jealous of Neel.
But
> http://m.smh.com.au/it-pro/security-it/man-who-introduced-serious-heartbleed-security-flaw-denies-he-inserted-it-deliberately-20140410-zqta1.html
"Man who introduced serious 'Heartbleed' security flaw denies he
inserted it deliberately"
Wow, we're climbing to some new levels here.
/mz
> How realistic is it that an attacker would be able to glean passwords through
> this vulnerability?
Highly.
> Programmatically searching through 64k memory dumps for
> certificates seems plausible, but looking for passwords does not. A password
> is of no pre-determined length or format.
HTT
> -table.append(fmt % (listaddr, password, optionsurl))
> +table.append(fmt % (listaddr, "", optionsurl))
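Review bot: substituting "" keeps the password slot in `fmt` and in the emitted row, so the table layout still carries a field that is now always blank; if the intent is to stop emitting the password, drop the placeholder from `fmt` and remove `password` from the tuple instead of formatting an empty value into it. The two visible lines give no surrounding context, so whether `password` is still referenced elsewhere in the function cannot be checked here.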
That doesn't work if my password is "".
/mz