This hole must be a general misconception of the product. After checking my socks I found a hole in all of them! They are all size 9 1/2.
My questions: Has sombody already detected a working exploit for this hole in the wild? Can this hole be exploited if the socks are laying on a shelf in a cabinet? Can somebody exploit the hole on the street, while I'm wearing the socks? On Thu, 2005-09-08 at 12:50 -0400, Dave Cawley wrote: > The sock came with the factory installed configuration. > This hole is not part of that configuration and there is no > mechanism in the origial configuration to close this one off. > > *************************************************************** > Dave D. Cawley | > High Speed Internet | The number of Unix installations > Duryea, PA | has grown to 10, with more expected. > (570)451-4311 x104 | - The Unix Programmer's Manual,1972 > [EMAIL PROTECTED] | > *************************************************************** > URL => http://www.adelphia.net > > -----Original Message----- > From: Craig, Tobin (OIG) [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 08, 2005 12:46 PM > To: Dave Cawley; [email protected] > Subject: Re: [Full-disclosure] Secuirty Hole Found In Dave's Sock > > > It seems that the proprietary and the open source manufacturers agreed > upon a standardized default configuration: all models are designed with > one hole, used for deployment. Are you reporting the existence of a > second hole, or is this an observation of the factory installed default > configuration? > > My recommendation is to isolate the sock until a full forensic > examination can be performed. > > Just another thought, > > Tobin > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > <[EMAIL PROTECTED]> > To: [email protected] > <[email protected]> > Sent: Thu Sep 08 12:10:28 2005 > Subject: [Full-disclosure] Secuirty Hole Found In Dave's Sock > > Date: 9/8/2005 > > Vulnerability Found: Hole In Dave's Socket > > Affected System: Dave's Right Sock > > Severity: Rating: Moderately Critical > Impact: System access > Where: Foot > > Description of Vulnerability: This morning while putting my socks on I > found a small (1/4 inch) hole by my big toe. This could be exploited by > a virus through the bottom of the foot or under the toe nail. This could > be used to compromise Dave's entire system. > > Solution: No permanent solution is currently available. A work around is > to wear the sock on the other foot to have the hole above the small toe > where it will not be furthur enlarged, it will proboably fold over and > partially cover the vulnerability. Permanent solution coming in either a > sock darning or upgrading the unit to a new sock. > > Time Table: Found at 7:48am on Sept 8th, 1005 > Work around figured out at 7:49am on Sept 8th, > 2005 > Permanent Solution Pending > > Credits: Found by Dave > > References: No references available. > > > *************************************************************** > Dave D. Cawley | > High Speed Internet | The number of Unix installations > Duryea, PA | has grown to 10, with more expected. > (570)451-4311 x104 | - The Unix Programmer's Manual,1972 > [EMAIL PROTECTED] | > *************************************************************** > URL => http://www.adelphia.net > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
