Re: [Full-Disclosure] Full Disclosure Awards

From: Martin Ekendahl (martin_at_hardlined.com)
Date: 08/05/03

    To: full-disclosure@lists.netsys.com
    Date: Tue, 5 Aug 2003 13:58:35 -0500
    
    

    hahaha, I hope you will keep this "weekly award" thing up, it's a nice refreshing change from the usual tone of the list.

    On Tue, 5 Aug 2003 08:15:08 -0400
    "Mortis" <m0rtis@adelphia.net> wrote:

    > Good morning Ladies and Gentlemen,
    >
    > I'm glad you could come to the semi-weekly Full Disclosure
    > Award Ceremony. It's been an exciting week and the judges
    > are having a hard time making their decision. You decide...
    >
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    > We have three contenders for the "No Sh*t, Sherlock" award
    > this week:
    >
    > a) Ben Moeckel (ben.moeckel@badwebmasters.net) for his
    > lovely copyrighted write-up letting us all know "When
    > webbrowsers parse html they remove special chars, this
    > behavior may be used by a malicious user to fool
    > script/html-filters in webapplications". We never thought
    > of that, Ben. Got any more tricks up your sleeve?
    >
    > b) Richard M. Smith (rms@computerbytesman.com) for letting
    > us know he found a way to deliver a file to a program that
    > is made to read files. And has no known vulnerabilities.
    > On one operating system and browser. Thanks, ***, we
    > needed something like that! It operates as designed...
    > let's call the press.
    >
    > c) gyrniff (b240503@gyrniff.dk) for the brilliant
    > observation that recent MS operating systems talk to MS on
    > the internet by default. If MS hadn't said so and we hadn't
    > read about it in the press about 6 years ago, we might act
    > surprised.
    >
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    > We have FOUR contenders for the "I would just like to
    > announce that I am a moron" award. Yes, you heard me.
    > Four. Sometimes you have to wait months for gems like
    > these, folks, but not on FD:
    >
    > a) Kyp Durron (kdurron@hotmail.com) for forwarding us the
    > headers from his message that may or may not have been from
    > Microsoft. Like it was somehow more special than the other
    > 800 spams we got over the weekend. Slap yourself with the
    > clue stick, Kyp. Most of us get the same spam in our own
    > mailboxes. All the time. Can you imagine that? Richard
    > researches this topic. He may be interested in the extra
    > copies.
    >
    > b) Kaveh Mofidi (admin@securetarget.net) for the "Recycle
    > Bin Unavailability of Service". He just called to let us
    > know that he found a harmless minor bug in the Microsoft GUI
    > that has no bearing on security whatsoever. But it made you
    > look, didn't it! Thanks, man. Please send the $4,238 worth
    > of people's time that you wasted to a good charity. Oh,
    > wait, don't bother. Anyone who wasted their time deserved
    > it.
    >
    > c) Harshul Nayak (harshul@ealcatraz.com) for observing back
    > to the list the exact information that the original poster
    > did. And for making it sound like he was contradicting
    > them. Come to think about it, maybe this one should come
    > off the list. I think he was making a funny.
    >
    > d) Justin Shin (zorkshin@tampabay.rr.com) just for being
    > him. Quotes o' the week: "This probably sounds like a
    > really stuuuuuuupid question ... When I ran ... exploit ...
    > tried to create a share ... connect to share, I am forced to
    > login as Guest ... Is it just me or is it something else??"
    > ***** It's just you. ***** "Because, I have so much time
    > that I can waste being a 1337h4x0r and screwing around with
    > other people's computer" ***** We thought this might be the
    > case. ***** "Sounds like it was poorly written" ***** based
    > on the size of an executable: good analysis! ***** "I have
    > observed this on one of my client's computers as well" *****
    > Please tell us UR kidding *****
    >
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    > I suppose we need to give away two awards for good posts.
    > Thanks, boyz.
    >
    > a) [SEC-LABS TEAM]: (noreply@sec-labs.hack.pl) For their
    > Win32 Device Drivers Communication Vulnerabilities + PoC for
    > Symantec Norton AntiVirus '2002 (probably all versions)
    > Device Driver. Sweet.
    >
    > b) dong-h0un U [xploit@hackermail.com] for the nicely coded
    > wu-ftpd-2.6.2 off-by-one remote exploit. You the man,
    > noon_dong.
    >
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    > I need to send a special note to morning_wood, too, for his
    > special treasure "HTML FORMATED MAIL ( ie - oe - html )
    > bgsound local file - ding?".
    >
    > Picture this. Picture Mortis sitting at computer in
    > bedroom. Picture alarm clock, 3:43 am. Picture Lady Death
    > sleeping in bed near computer. Picture nice computer with
    > good sound card and Dolby 5.1 surround sound. Picture
    > Mortis clicking on email to see what ding ding about.
    > Picture DING! DING! DING! DING! DING! DING!...
    >
    > You s*ck, morning_wood. I hate you. Lady Death is p*ssed.
    > No s3x. I will get you for this. I usually like funny, but
    > not this time.
    > --
    > I'm dead,
    > m0rtis
    > P.S. Greets to Brent who is crabbier than Mortis.
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    -- 
    /*
    "To avoid all evil, to cultivate good, 
    and to cleanse one's mind  
    this is the teaching of the Buddhas."
    Martin Ekendahl
    http://www.hardlined.com
    martin@hardlined.com
    */