Domain: guninski.com
Stories and comments across the archive that link to guninski.com.
Comments · 29
-
Re:Is it that easy?
Qmail has had security issues - but DJB just ignores them.
(In practice they're unlikely to bite, but Georgi Guninski has reported multiple real security issues with Qmail which DJB happily ignores.)
-
Re:Just good.
Here are two security reports from Georgi Guninski, neither of which received the bounty offered:
* http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html
* http://www.guninski.com/qmailcrash.html
These are DoS attacks that can be easily mitigated by using databytes. The offer was about security issues, not DoS attacks.
-
Re:That may be good.
my qmail gateways have never been exploited through qmail.
That's because qmail's known exploits mainly affect new hardware. Cool, huh? Buy a new server and watch it automatically get less secure.
-
Re:Just good.
Here are two security reports from Georgi Guninski, neither of which received the bounty offered:
-
Re:security is paramount
Security at any cost? Easy. Unplug your computer. Done.
Getting the job done actually counts for a lot, you know.
Also, "security at any cost" would mean it wouldn't be a leading source of backscatter spam. Security at any cost would also mean that his array handling code would be very thoroughly checked to be secure no matter what environment it was running in. However:
"In May 2005, Georgi Guninski claimed that some potential 64-bit portability problems allowed a ``remote exploit in qmail-smtpd.'' This claim is denied. Nobody gives gigabytes of memory to each qmail-smtpd process, so there is no problem with qmail's assumption that allocated array lengths fit comfortably into 32 bits. " -- http://cr.yp.to/qmail/guarantee.html
(in reply to http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html )
I very much doubt anyone bothers to put limits on processes (we assume that they're secure without relying on operating system features like that!). Do DJB's installation instructions say to do this? I doubt it.
Anyway, if it was secure at any cost, why is it reliant on the OS providing that? Qmail on 64 bit with decent amounts of virtual memory available is seemingly easily compromised.
-
Re:Comments lie. Code never lies.
It's not clear to me an actual case has been made that warrants the $500.
Moreso, the "bugs" described above can be "features" to somebody else.
Was it the privilege escalation, root privilege escalation or remote crashing that you consider features?
http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html
-
Re:Maybe your notion of reality comes from fiction
"What exploits are those?"
Google it yourself and find out.
What, this? That's not a remotely-exploitable security hole. It's not even a DoS hole, because a separate qmail-smtpd gets run by tcpserver for each connection. You claim that qmail has remotely-exploitable security holes. Again, I ask you for evidence.
As far as your bullet points go, equal care could (and has) been done for other types of software that ended up with bugs anyway.
You can do formal analysis of software the size of, say, OpenOffice.org? You claim it has been done. Again, evidence? Not that it would refute my argument, because other people doing it wrong does not preclude someone from doing it right.
But don't forget the context of this discussion which is whether the criminal or the software writer is responsible for creating an exploit.
You made a strong statement ("X is impossible") backed by a bogus claim. I called you on it, and now you're saying that it doesn't matter---that you're right anyway? I'm not convinced.
-
Re:More specific?
How's that? Do you have $500? If not, what's the security vulnerability that the author refuses to acknowledge?
I remember that there was an integer overflow DJB didn't want to acknowledge some time ago. IIRC it could only be exploited on machines with more than 4GB of RAM, not sure though. I know someone who did an audit on some DJB code, and it drove him mad. There are many dirty and dangerous constructions, but they're all done in such a way, that they're just exactly safe, or at least not dangerous. Continuously walking on the edge, but never falling off.. So far...
It's kind of annoying that DJB thinks his software is so superior that he refuses to update it for years already, even though there are enough problems with it. (Considering the amount of patches that most of the QMail users have to apply before they can use (or even compile) it...)
BTW, Grendel, aren't you the one whose survey-system I kind-of beta tested a couple of years ago? ;-) -
Re:Recently installed, uninstalled FireFox
What's your IP?
You're seriously naive if you think that IE is in any way secure by default, or secure when patched up. It might be secure if you set your local zone to high security settings, but then it's almost useless to all but your trusted sites.
Read these links, and you'll see:
- http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatched/
- http://www.guninski.com/browsers.html
- http://www.malware.com
There has been at least one reported incident where spyware authors have discovered and exploited a hole in IE (i.e. it was not published on any security mailing list, and no patch currently exists). This is an undisclosed vulnerability which was genuinely found in the wild. (The Register covered this too.)
-
qmail, too...
This guy found a crash in qmail, too. I don't think he showed it was exploitable, so he doesn't win DJB's security guarantee prize. In fact I'm not sure DJB reacted to the news at all.
-
Reminds me of something. . .
Considering its use of embedding a CLSID into the file name, and the similarity to this flaw, you would have thought Microsoft would be able to sort out a fix soon enough.
Well, maybe. -
The Netscape Bug Bounty.
Ouch! Georgi Guninski must be feeling a little hard done by; he resolved a number of privacy problems for Netscape, but probably only got $1000 a pop.
-
Re:Oh geez...
Mod this up. The "evil" bit is about as effective as ActiveX control signing...
-
Re:**Sigh...**
Most of the other browsers have security holes found in them from time to time as well, but most of the kind crackers out there seem to take a diabolical pleasure in focusing on IE (and since it's one of the core technologies of it, Windows...). If people spent as much time trying to break many of the other Browsers out there, I'm sure they would find they're all their own brand of Swiss cheese.
If you read any of the security mailing lists you will find that probably about half of the IE holes we've seen over the last few years were discovered by Georgi Guninski. Georgi has also researched other browsers, as you will see from his site. He just hasn't found as many holes in the others.
OK, so IE gets the focus from most people. But just because it's in the centre of attention doesn't mean it doesn't actually have more problems than the rest of them...
-
Re:Stats, anyone?
-
Re:Finally, the voice of reason, from a CEO no les
Oh yes, Internet Explorer is the best browser. Not buggy and insecure or anything. People don't use non-MS software because they hate MS. They use it because MS software is shitty.
-
Re:Unpatched IE security hole list
More patched IE 6.0 security holes are available here and a further demonstration of the GetObject() vulnerability is available here.
When a hole is discovered on a new piece of software and the patch hasn't been released yet, should we abandon the product until it's fixed? What if your corporation runs ASP, MSSQL, and IIS and a flaw is discovered; should you switch to PHP, MySQL, and Apache? Imagine how much time and money that would cost. -
Re:IE Vulnerability Page
I decided to give that link a look, and tried the Javascript BSOD simulation here.
Since I'm using Netscape 6.2, it popped up a normal browser window instead of (I'm assuming) a BSOD, that kept re-opening itself no matter how many times it was closed, and I had to totally restart Netscape to kill it :P
If you're going to link to things like this, at least make sure they work correctly...
-
IE Vulnerability Page
Check out http://www.guninski.com/browsers.html.
-
Re:Saw this thread on bugtraq
Several people on the list attempted to reproduce the exploit as detailed by the original poster and failed. Whether that was their mistake or not is anyone's guess.
Well, I for one did try. The original discussion sounded intriguing, and the unusual lack of detail for a bugtraq post made me take note. I'm not a security researcher, and don't claim to know much about internet security - just the basics that you need to know in order to write web applications, which is my job. Exploiting your average bug is way beyond me (I wouldn't know where to start with a buffer overflow, and I don't even understand how format string bugs work), but I got this one down in 5 minutes. It's a simple combination of factors.
What I'm saying, basically, is that if I can do it, so can a lot of other people. It's also in an area of IE that many people have known for a long time is very flaky, so I guess that some people have known about this hole for a very long time, because a lot of people go looking for IE holes, and if you know how to do it they can be easy to find. -
Re:Internet Explorer 5.0, 5.5, 6.0?
Does anyone have more information about the IE5 part of this? How does it spread? What exactly spreads? How do you find out if you are infected and does this also work for IE5.5 and IE6 or is it only IE5.0x?
It spreads according to a hole in IE 5 which automatically opens and executes .eml files. More information here.
I tried the demonstration exploit on the above page using IE6, and it gave me a dialog box confirming that I wanted to open the file. (Except it was already a .tmp file in my temp directory at that point, not a .eml file.) So presumably IE6 at least asks your permission first. Also, when I decided to "open" the file it opened the file in Word, instead of running it. (apparently)
So IE6 appears to be safe, at least from the demo exploit coded by Guninski. Dunno about IE 5.5. -
More info on the .EML bug
Georgi Guninski Security Research has some detailed info on the problems with IE executing .eml files. Go here for a small demo.
-
Yep, we're seeing them here too.
David Korpiewski, our Windoze martyr, is hard at work on this one (I Don't Do Windows :-), and had this to say:
Evidence from compromised boxes elsewhere on campus seems to indicate that this bug will create a ton of *.eml files on the computer and they are all about 78k. We haven't received an .eml file in hand yet, to view the contents. A variety of .eml files are created, including "desktop.eml", "readme.eml", etc. A compromised system will attach a readme.eml file to the bottom of all web pages served. This is because there is currently a bug out for IE5 that will auto execute any given .eml file.
-
Re:Why continue using Outlook?
And who does Bug Finder General Georgi Guninski work for? Why, Netscape!
Oddly, though, he seems to be doing much more work for Microsoft... why, he lists forty security holes in Internet Explorer/Outlook, alone!
--
"I'm not downloaded, I'm just loaded and down" -
Just wait...
till Georgi Guninski gets a hold of this. I don't see how supporting a M$ only technology is a good thing.
Jason -
This has happened on many browsers before.
I don't know what the big deal is here. This has happened to many other browsers before, including older versions of IE. With new standards, scripting and virtual machine technologies being implemented in browsers continually, it is expected. It is a simple browser vulnerability, and that is all.
This is not new; if you read Bugtraq, or even Georgi Guninski's page, you will see this and many other exploits are a common occurrence in many browsers. Even browsers that handle only plain html like Lynx have been proven vulnerable at times.
Since IE3, many vulnerabilities like this have popped up in MS's browser. IE3 was far worse, as both the Windows and Macintosh platforms could be exploited in terrible ways. Also, we can't forget the famous Netscape Brown Orifice exploit, which Netscape admittedly couldn't even fix in their 4.x series of browsers. I'm sure there are some fine exploits waiting to be found in the lesser used browsers too, but they are just far less reviewed by the security community.
Now I don't think it's right that such vulnerabilities exist, but bugs will always be present in software. Internet Explorer just happens to use a lot of mixed technologies and therefore there are more ways for it to be exploited. This is nothing more than someone exploiting a vulnerable version of BIND or RPC. The only difference I find here is that Microsoft is involved, and thus makes a good sensationalist Slashdot target.