After a summer of bugs and worms, the security community on the Full Disclosure mailing list is taking a quick break. Witness relaxing security-geek style:
From: Dave Cawley
Subject: [Full-disclosure] Security Hole Found In Dave's Sock
Vulnerability Found: Hole In Dave's Socket
Affected System: Dave's Right Sock
Severity: Rating: Moderately Critical
Impact: System access
Description of Vulnerability: This morning while putting my socks on I found a small (1/4 inch) hole by my big toe. This could be exploited by a virus through the bottom of the foot or under the toe nail. This could be used to compromise Dave's entire system.
Solution: No permanent solution is currently available. A work around is to wear the sock on the other foot to have the hole above the small toe where it will not be further enlarged, it will probably fold over and partially cover the vulnerability. Permanent solution coming in either a sock darning or upgrading the unit to a new sock.
Time Table: Found at 7:48am on Sept 8th, 1005
Work around figured out at 7:49am on Sept 8th, 2005
Permanent Solution Pending
Credits: Found by Dave
References: No references available.
From: "Swain, Kenneth"
I have already heard about an exploit in the wild.
What company is this sock from? Should I run out and upgrade my socks? I see you failed to notify the vendor. Is there a reason for this? You should always notify the vendor before posting the exploit or hole in public...
From: "MacDougall, Shane"
This vuln was already released on 7/21/05 by Thor. Please don't take credit for other people's findings.
Please don't rehash 1000 year old vulnerabilities unless you are adding new info...
From: "Dave Cawley"
Sorry, vendor is Gold Toe. I will alert them immediately. This is my first reporting, I tried to follow protocol as closely as possible. I just got so excited..
From: "Craig, Tobin"
A number of patches are available, all dependent upon the severity of the vulnerability. I had always assumed this to be a feature, but now that it's been observed elsewhere, I'll initiate a full audit of my environment.
I also recommend that you carry spare socks to maintain continuity of operations.
Just a thought,
From: "Dave Cawley"
It's hard to get the socks from different pairs to sync up. This can cause confusion for people viewing the socks and in turn cause a high volume of inquiries to the system administrator. But I'll give it the old college try. Thanks for the input!
From: "Craig, Tobin"
It seems that the proprietary and the open source manufacturers agreed upon a standardized default configuration: all models are designed with one hole, used for deployment. Are you reporting the existence of a second hole, or is this an observation of the factory installed default configuration?
My recommendation is to isolate the sock until a full forensic examination can be performed.
Just another thought,
From: "Dave Cawley"
The sock came with the factory installed configuration. This hole is not part of that configuration and there is no mechanism in the original configuration to close this one off.
GE, Maytag, Kenmore and numerous others have been implicated in a massive skimming scheme. Socks placed into washers and dryers with the appropriate mate tend to exit the cleaning process alone.
Several Gov't agencies released today the findings of a multi-year investigation and have concluded that the companies in question are skimming socks and reselling them to 3rd world countries for profit.
From: Daffey Duck
All users had been warned to update their Soft Wear. Those who didn't are now experiencing the horrible consequences of their incompetence.
I realize that for new users, like Dave, soft wear can be confusing and frustrating. It was for me, as well until I educated myself.
As usual, the Birkenstock users are protected. However, security by obscurity will always fail.
This is NOT proper disclosure, Dave. You must contact the vendor first. My cousins, uncles, nephews sister works for Fruit of the Loom; I will attempt to locate a security contact there.
I just spoke with my girlfriend, and she has also confirmed that she has holes -- although there is only one way that I am aware of to fill her holes.
Until the hole is patched, do not put your sock on your cock. This could result in a buffer overflow.
From: Vladimir Parkhaev
Your work around is very complicated and requires usage of 2 feet. Only Windows users have to perform this complex task of sock switching. There is a simple workaround for UNIX users: It is enough for UNIX users to simply turn the sock inside out and continue wearing it on the same foot.
There are more details in B. W. Kernighan, The Unix System and Softwear Reusability, Proc. Workshop on Softwear Reusability, pp. 235-239, Newport RI, September 1983
(Reprinted in IEEE Trans. on Software Engineering Vol SE-10 (5) pp. 513-518 September 1984).