[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Apple IOS security issue pre-advisory record
From: Dave <mrx@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 23 Mar 2012 22:34:38 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

And I thought curiosity killed only pussy cats.
I don't consider myself a security professional, but playing around with 
computers since the early 80's has certainly taught me that:

i)      Most links in forums.emails.blogs etc. benefit only the poster when 
clicked upon.
ii)     Paranoia is healthy. If one runs a computer most people ARE out to get 
you.
iii)    Lots of people are smarter than I.
iv)     If the curiosity is irresistible... use a VM.
v)      Browse unknown sites with scripting/cookies/etc disabled or use 
wget/lynx or see above.
vi)     Trust no one, Trust nothing.
vii)    At the first sign of compromise format and reinstall from trusted media.

I really shouldn't be trying to teach grannies to suck eggs but...
The last computer virus/compromise that affected a computer I owned, apart from 
those I purposely infect VM's with was the Saddam virus on my Amiga.

Now in my smugness, I expect I will be handed my ass later....

que sera sera

QR tags (matrix barcode)  now there's some fun waiting to happen ;-)

Dave
        
On 23/03/2012 20:41, Gary Baribault wrote:
> I find it very unfortunate that 300 supposed security professionals
> clicked on a hidden link like that without first checking what it was,
> or if not simply ignoring it like I did!!!
> 
> Gary Baribault
> Courriel: gary@xxxxxxxxxxxxx
> GPG Key: 0x685430d1
> Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1
> 
> 
> On 03/23/2012 12:34 PM, john doe wrote:
>> he he, good catch :)
>> Anyway, it doesn't hurt anybody: it's just a vote.
>> Well, let me explain. I'm a journalist (non IT, mainstream) preparing
>> an article about different internet communities behaviors. I've posted
>> similar messages talking about a security issue, pron pics, divx,
>> software and breaking news in several famous boards accordingly to
>> analyze the different related communities behaviors.
>> Each one links to a vote for different video contests so that I can
>> measure the hints.
>> Good to notice: this message has generated about 300 votes in the
>> first 15 minutes, making it the second score behind "divx" for now on.
>>
>> Thank you, and sorry for inconveniences (if any) !
>>
>> On Fri, Mar 23, 2012 at 1:59 PM, adam <adam@xxxxxxxxx
>> <mailto:adam@xxxxxxxxx>> wrote:
>>
>>     That's pretty clever. But it doesn't work when people have tinyURL
>>     previews enabled.
>>
>>     URL:
>>     
>> http://www.dailymotion.com/ajax/contest?*ajax_function=vote*&ajax_arg[]=41941248&ajax_arg[]=2223
>>     
>> <http://www.dailymotion.com/ajax/contest?ajax_function=vote&ajax_arg[]=41941248&ajax_arg[]=2223>
>>
>>
>>     Response:
>>     +:{"message":"Thank you","status":1}
>>
>>     On Fri, Mar 23, 2012 at 7:14 AM, john doe <ninjaobsessed@xxxxxxxxx
>>     <mailto:ninjaobsessed@xxxxxxxxx>> wrote:
>>
>>         Advisory Disclosure MD5: e29e5501dc2ca4d5fc06855762b14393
>>         Abstract <http://tinyurl.com/8xq2xcq>
>>
>>         Regards,
>>         _______________________________________________
>>         Full-Disclosure - We believe in it.
>>         Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>         Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBT2z6frIvn8UFHWSmAQJ45Qf+Kgdx07L8TESYQ5LraMuTx33b7dYhlDYU
ziBk//dhM9mO0SSOGgUbZWQZTeUXwI+213Njf6xQQ9urr7VfNzJ/FXCCyH7FicKI
xMkI/0p/8ZELdx0bsGxr0Jy/sWTnQT1pQvBPXRKX44jVg9TkDy9YxBVxdkzBaput
oAzSuFNnEbDNEgvS1mxwimjzOAtvYdisCMOuTyS2nptPHNOJ0QuhMQ0WsfbwUhLr
b2/zPETVsH0NVR1jIS+qMzSFfDhSGJQc5H+phkKQ4FbTVsdJvVnMlgUhOHbdYO8T
glPR6P+vey8BUBbtGaRtIx2qNZhx1HwkMODXI6FQHRjHAPXrJcDsBw==
=v9iB
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Apple IOS security issue pre-advisory record
  - From: Valdis . Kletnieks

References:
- [Full-disclosure] Apple IOS security issue pre-advisory record
  - From: john doe
- Re: [Full-disclosure] Apple IOS security issue pre-advisory record
  - From: adam
- Re: [Full-disclosure] Apple IOS security issue pre-advisory record
  - From: john doe
- Re: [Full-disclosure] Apple IOS security issue pre-advisory record
  - From: Gary Baribault

Prev by Date: Re: [Full-disclosure] Apple IOS security issue pre-advisory record
Next by Date: Re: [Full-disclosure] Apple IOS security issue pre-advisory record
Previous by thread: Re: [Full-disclosure] Apple IOS security issue pre-advisory record
Next by thread: Re: [Full-disclosure] Apple IOS security issue pre-advisory record
Index(es):
- Date
- Thread