Smells like teen spirit

It must be the 90s again. Nirvana is on the radio, and people are finding remotely exploitable WebDAV vulnerabilities. Using unicode encoding no less – the choice of a new generation. A note to Microsoft: in the 21st century we have this new thing called “a fuzzer”. You might want to google for ‘bestorm’ or ask the SDL team about the general concept.

Another 90s thing is to publish a critical exploit without going through a broker to get paid for it (or waiting for a hacking contest). Don’t get me wrong – we offer both options: the publish your exploits for free, and publish your exploits for profit routes are both open to you. Personally – if you go on the full disclosure path more power to you, but I have to admit nowadays it’s as rare as hearing Nirvana on the radio.

Now I hear there’s a new browser out there nicknamed “mozilla”. I think I’ll check it out, they say it will kick Internet Explorer ass before Y2K…

  • kcope

    there are rumors about that we did not get a single penny for the “blast” :)

    sunshine keep up the good work with securiteam, i wish you update it more frequently!!!

  • kcope

    HAHA, I just checked if the bug affects IP- and Domain-Based Access Restrictions. IT DOES !
    Oops actually forgot about mentioning that one.
    Probably will post that on technotronic when my time machine is ready for the 90s.

  • aviram

    Kcope, thanks for the update! This is one of the coolest bugs I saw lately.
    Kudos for going full disclosure and tell the rumor spreaders to go fuzz themselves :-)

  • Pingback: Wampiryczny blog

  • jinmilk

    nirvana is cool band! Kurt FTW!