[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Apple Safari ... DoS Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx, nick@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
From: bobby.mugabe@xxxxxxxxxxxx
Date: Mon, 02 Mar 2009 22:29:39 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Nick,

You and Thierry Loller are wrong.

- -bm

On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald <nick@virus-
l.demon.co.uk> wrote:
>Chris Evans to Thierry Zoller:
>
>> > Example
>> > If a chrome tab can be crashed arbritarely (remotely) it is a
>DoS attack
>> > but with ridiculy low impact to the end-user as it only
>crashes the tab
>> > it was subjected to, and not the whole browser or operation
>system.
>> > But the fact remains that this was the impact of a DoS
>condition,
>> > the tab crashes arbritarily.
>>
>> Eh? If you visit www.evil.com and your tab crashes, that's no
>> different from www.evil.com closing its own tab with Javascript.
>
>But what if www.evil.com has run an injection attack of some kind
>(SQL,
>XSS in blog comments, etc, etc) against www.stupid.com?
>
>Visitors to stupid.com then suffer a DoS...
>
>Yes, stupid.com should run their site better, fix their myriad XSS
>holes,
>etc, etc.
>
>But this is the Internet, so this "software flaw" can be leveraged
>as
>security vulnerability.
>
>I'm with Thierry on this...
>
>
>Regards,
>
>Nick FitzGerald
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qvh8+0
b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53fxXFm
7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5eAhp
UpXIZ1s=
=zgqd
-----END PGP SIGNATURE-----

--
Become a medical transcriptionist at home, at your own pace.
 
http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWafc7cDXj4iASDyccuLtQA2i9f1le/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
  - From: Nick FitzGerald
- Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
  - From: Valdis' Mustache

Prev by Date: Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
Next by Date: Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
Previous by thread: Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
Next by thread: Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
Index(es):
- Date
- Thread