[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Google Secure Access or "How to have people download a trojan."
- To: "Valdis.Kletnieks@xxxxxx" <Valdis.Kletnieks@xxxxxx>
- Subject: Re: [Full-disclosure] Google Secure Access or "How to have people download a trojan."
- From: Paul Nickerson <pvnick@xxxxxxxxx>
- Date: Thu, 22 Sep 2005 11:32:13 -0400
Not to mention I was the one who found those two particular flaws, which
essentially make use of the same bug, in the first place ;-) (i.e.
http://greyhatsecurity.org/longnamevuln-discussion.htm)
Regards,
Paul
Greyhats Security
http://greyhatsecurity.org
On 9/22/05, Valdis.Kletnieks@xxxxxx <Valdis.Kletnieks@xxxxxx> wrote:
>
> On Wed, 21 Sep 2005 23:59:53 EDT, Ill will said:
> > yea Paul we all dont know how to take 2 pre-existing flaws and mash
> > them together
> > with the help of others to make our so-called 'security advisories'
> > and credit ourselves
>
> What does that make Liu Die Yu's "Six Step IE Cache Remote Compromise"
> count as?
>
> And remember that there's "obvious" interaction of two flaws, and then
> there's ones that rely on very non-obvious subtle magic.....
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/