hahaha, I hope you will keep this "weekly award" thing up, it's a nice refreshing change from the usual tone of the list.

On Tue, 5 Aug 2003 08:15:08 -0400 "Mortis" <[EMAIL PROTECTED]> wrote:
> Good morning Ladies and Gentlemen,
>
> I'm glad you could come to the semi-weekly Full Disclosure
> Award Ceremony. It's been an exciting week and the judges
> are having a hard time making their decision. You decide...
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> We have three contenders for the "No Sh*t, Sherlock" award
> this week:
>
> a) Ben Moeckel ([EMAIL PROTECTED]) for his
> lovely copyrighted write-up letting us all know "When
> webbrowsers parse html they remove special chars, this
> behavior may be used by an malicious user to fool
> script/html-filters in webapplications". We never thought
> of that, Ben. Got any more tricks up your sleeve?
>
> b) Richard M. Smith ([EMAIL PROTECTED]) for letting
> us know he found a way to deliver a file to a program that
> is made to read files. And has no known vulnerabilities.
> On one operating system and browser. Thanks, Dick, we
> needed something like that! It operates as designed...
> let's call the press.
>
> c) gyrniff ([EMAIL PROTECTED]) for the brilliant
> observation that recent MS operating systems talk to MS on
> the internet by default. If MS hadn't said so and we hadn't
> read about it in the press about 6 years ago, we might act
> surprised.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> We have FOUR contenders for the "I would just like to
> announce that I am a moron" award. Yes, you heard me.
> Four. Sometimes you have to wait months for gems like
> these, folks, but not on FD:
>
> a) Kyp Durron ([EMAIL PROTECTED]) for forwarding us the
> headers from his message that may or may not have been from
> Microsoft. Like it was somehow more special than the other
> 800 spams we got over the weekend. Slap yourself with the
> clue stick, Kyp. Most of us get the same spam in our own
> mailboxes. All the time. Can you imagine that? Richard
> researches this topic. He may be interested in the extra
> copies.
>
> b) Kaveh Mofidi ([EMAIL PROTECTED]) for the "Recycle
> Bin Unavailability of Service". He just called to let us
> know that he found a harmless minor bug in the Microsoft GUI
> that has no bearing on security whatsoever. But it made you
> look, didn't it! Thanks, man. Please send the $4,238 worth
> of people's time that you wasted to a good charity. Oh,
> wait, don't bother. Anyone who wasted their time deserved
> it.
>
> c) Harshul Nayak ([EMAIL PROTECTED]) for observing back
> to the list the exact information that the original poster
> did. And for making it sound like he was contradicting
> them. Come to think about it, maybe this one should come
> off the list. I think he was making a funny.
>
> d) Justin Shin ([EMAIL PROTECTED]) just for being
> him. Quotes o' the week: "This probably sounds like a
> really stuuuuuuupid question ... When I ran ... exploit ...
> tried to create a share ... connect to share, I am forced to
> login as Guest ... Is it just me or is it something else??"
> ***** It's just you. ***** "Because, I have so much time
> that I can waste being a 1337h4x0r and screwing around with
> other people's computer" ***** We thought this might be the
> case. ***** "Sounds like it was poorly written" ***** based
> on the size of an executable: good analysis! ***** "I have
> observed this on one of my client's computers as well" *****
> Please tell us UR kidding *****
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> I suppose we need to give away two awards for good posts.
> Thanks, boyz.
>
> a) [SEC-LABS TEAM]: ([EMAIL PROTECTED]) For their
> Win32 Device Drivers Communication Vulnerabilities + PoC for
> Symantec Norton AntiVirus '2002 (probably all versions)
> Device Driver. Sweet.
>
> b) dong-h0un U [EMAIL PROTECTED] for the nicely coded
> wu-ftpd-2.6.2 off-by-one remote exploit. You the man,
> noon_dong.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> I need to send a special note to morning_wood, too, for his
> special treasure "HTML FORMATED MAIL ( ie - oe - html )
> bgsound local file - ding?".
>
> Picture this. Picture Mortis sitting at computer in
> bedroom. Picture alarm clock, 3:43 am. Picture Lady Death
> sleeping in bed near computer. Picture nice computer with
> good sound card and Dolby 5.1 surround sound. Picture
> Mortis clicking on email to see what ding ding about.
> Picture DING! DING! DING! DING! DING! DING!...
>
> You s*ck, morning_wood. I hate you. Lady Death is p*ssed.
> No s3x. I will get you for this. I usually like funny, but
> not this time.
> --
> I'm dead,
> m0rtis
> P.S. Greets to Brent who is crabbier than Mortis.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

--
/*
"To avoid all evil, to cultivate good, and to cleanse one's mind this is the teaching of the Buddhas."

Martin Ekendahl
http://www.hardlined.com
[EMAIL PROTECTED]
*/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
