[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] newest category of security bugs considered elite ?

To: Georgi Guninski <guninski@xxxxxxxxxxxx>
Subject: Re: [Full-disclosure] newest category of security bugs considered elite ?
From: Dan Kaminsky <dan@xxxxxxxxxxx>
Date: Sat, 1 May 2010 15:29:25 -0400

I really like the hash length declaration bugs, where the client can  
tell the server how many bytes of a hash need to be validated.  (Yep,  
you just say "one byte is plenty")

SNMPv3 and XML-DSIG both fell to this, catastrophically.

On May 1, 2010, at 2:23 PM, Georgi Guninski <guninski@xxxxxxxxxxxx>  
wrote:

> ok, we had a flame.
>
> what is the newest category of sekurity bugz that is considered  
> elite ?
>
> basically, int. over., BO are generally considered elite yet barely  
> new.
> XSS probably is not elite by 3l33t majority opinion.
>
> i was looking in the past and my heart was not beating fast ;-)
>
> -- 
> joro
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] newest category of security bugs considered elite ?
  - From: Nick FitzGerald

References:
- [Full-disclosure] newest category of security bugs considered elite ?
  - From: Georgi Guninski

Prev by Date: [Full-disclosure] newest category of security bugs considered elite ?
Next by Date: [Full-disclosure] CORELAN-10-035 NolaPro Enterprise multiple vulnerabilities
Previous by thread: [Full-disclosure] newest category of security bugs considered elite ?
Next by thread: Re: [Full-disclosure] newest category of security bugs considered elite ?
Index(es):
- Date
- Thread