Friday, April 1, 2011

Information Security Comedy Genius

You just can't make this stuff up ... I don't know if you follow the Bugtraq mailing list or not, but as I read this today I first thought that hey, it's April Fools' ... but when I realized it was a serious post I read on and the result was a serious LOL ... and projectile coffee all over my monitor/keyboard as a result of Thor's reply.

So here's what happened ...

An email came in with a disclosure ... "Microsoft VISTA TCP/IP heap buffer underflow"

...which had this gem of a paragraph in it (for a little context, the person is referring to a PoC he wrote as the program):

"To execute either the sample program or any other system command, the user has to be either the admin, in the admin group or the Administrators group. Since this buffer underflow never makes it to kernel memory, it could be possible that propping up the underflow will make it overflow and take control over the operating system without any restriction."

...which I figured for an April Fools' gag, until I realized it was serious.

Then ... came the LOLs ... because in proper form "Thor" (Hammer of God) had this brilliant rebuttal:

"Just so that I understand correctly, are you reporting that if one is logged on as the administrator, it may be possible to execute this exploit in order to take over the machine? t"

You just can't make this shit up, folks ... welcome to Information Security.
