
Full Disclosure mailing list archives

Re: Skype account + IM history hijack vulnerability
From: klondike <klondike () klondike es>
Date: Thu, 15 Nov 2012 19:59:13 +0100

On 15/11/12 09:47, Benji wrote:
> Sometimes when people argue over the definition of '0day', it is important to be clear.

I never called my attack a 0-day, did I?

> Although the bash script made it clear, I have never ever seen someone call 'user enumeration' an 'oracle attack'.

Turns out I have never seen anybody call an 'oracle attack' 'user
enumeration'.

> Probably because this is 2012 and the Matrix hasn't just come out.

Probably because the attack won't give you the whole list of usernames
but instead tell you which e-mails (not necessarily being a username)
on your list are on its list. Also turns out the concept of oracle has
been in use in the computation world way before you think and before the
OWASP guys arbitrarily decided such a name in, amongst others, the
complexity theorems that keep the cryptography used nowadays secure, so,
please, stop acting childishly over something as stupid as the name of
the attack and concentrate instead on the exposed issue.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
