From: mike l. <lac...@gm...> - 2007-01-23 02:03:17
On 1/18/07, Diego 'Flameeyes' Pettenò <fla...@ge...> wrote:
> On Wednesday 17 January 2007 17:23, Mike Melanson wrote:
> > As long as you classify "denial of service" as security relevant,
> > absolutely. As for more specific items like buffer exploits, these
> > crashes might lead to something deeper.
> Most people would consider client DoS not much security relevant, if it was a
> memory hog could be worse.
>

Not say I. ;-). If it's possible to say stream a stream to a client which will crash the client then this is not so much a client DoS but a stream DoS. These types of attacks can be very simple to implement. Just put up a web page advertising free web tv, get Google to list it in a search somehow, then you're away with plenty of clients to attack and experiment on. Yes sure, not the best example but highlights that users are the cause of almost all security flaws being exploited. Doesn't mean they are not a DoS.

M

[snip]