On Wed, Nov 14, 2012 at 5:20 AM, Kirils Solovjovs
wrote:
>
> The team has worked around this and are now trying to fix the
> bug/feature. :)
>
> http://www.reddit.com/r/netsec/comments/13664q/skype_vulnerability_allowing_hijacking_of_any/
>
"Skype investigating account theft vulnerability - Update
I'll make one point. Google 'oracle attack'. The only result that comes up
related to your naming meaning is the one posted here. The rest are the obvious
examples.
But whatever, you seem to be vulnerable to the one d eye oh 7 vulnerability.
Sent from my iPhone
On 15 Nov 2012, at 18:59, klondi
Furthermore, I didn't say you we're talking about a '0day'. It was an example.
Re never seeing anyone call it user enumeration; do you live in a cave of some
sort? This is what all a) major tools classify it as b) cve issuings classifies
it as c) major infosec providers such as pentest companie
El 15/11/12 09:47, Benji escribió:
> Sometimes when people argue over the definition of '0day', it is important to
> be clear.
I never called my attack a 0-day, did I?
> Although the bash script made it clear, I have never ever seen someone call
> 'user enumeration' an 'oracle attack'.
Turns out
Also thank you for posting a link to a well known reference, that was super
appreciated.
Next time link something like OWASP, at least most whitehats don't laugh at
them so you gain more credibility.
Sent from my iPhone
On 15 Nov 2012, at 03:45, "Nick FitzGerald" wrote:
> Benji wrote:
>
>>
Hi genius of the year
Sometimes when people argue over the definition of '0day', it is important to
be clear. Although the bash script made it clear, I have never ever seen
someone call 'user enumeration' an 'oracle attack'. Probably because this is
2012 and the Matrix hasn't just come out.
So
Benji wrote:
> Oracle attacks?
>
> See into the future?
> Padding oracle attacks?
> Oracle SQL injections?
You noobs...
http://www.drdobbs.com/understanding-oracle-attacks-on-informat/184405917
(Don't get too tied up in the crypto stuff in that article.)
klondike's point is that simply mon
El 14/11/12 16:51, Benji escribió:
> Oracle attacks?
>
> See into the future?
> Padding oracle attacks?
> Oracle SQL injections?
The kind of oracle that loves saying yes or no :P
signature.asc
Description: OpenPGP digital signature
___
Full-Disclosure
Oracle attacks?
See into the future?
Padding oracle attacks?
Oracle SQL injections?
On Wed, Nov 14, 2012 at 3:44 PM, klondike wrote:
> El 14/11/12 11:20, Kirils Solovjovs escribió:
> > The team has worked around this and are now trying to fix the
> > bug/feature. :)
> >
> >
> http://www.reddit
El 14/11/12 11:20, Kirils Solovjovs escribió:
> The team has worked around this and are now trying to fix the
> bug/feature. :)
>
> http://www.reddit.com/r/netsec/comments/13664q/skype_vulnerability_allowing_hijacking_of_any/
Well, they also seem to be vulnerable to oracle attacks against the
e-mai
This has nothing to do with the client. The service is at fault.
Also for the record, r/netsec is a huge circlejerk.
On Wed, Nov 14, 2012 at 10:20 AM, Kirils Solovjovs <
kirils.solovj...@kirils.com> wrote:
>
> The team has worked around this and are now trying to fix the
> bug/feature. :)
>
>
>
The team has worked around this and are now trying to fix the
bug/feature. :)
http://www.reddit.com/r/netsec/comments/13664q/skype_vulnerability_allowing_hijacking_of_any/
P.S. Not to say that there aren't any other security bugs to come. Use a
secure client!
--
Kirils Solovjovs
___
12 matches
Mail list logo