I have found that using several randomly inserted legal-sized sheets of paper in random color assortments works best. It's hard to trace which sheet caused the problem, making it nearly untracable. This can also be used as a denial of service attack in large quantities, and remains untracable except for fingerprinting evidence on the paper.. The expense involved however, is much too great for most script kiddies, who can't afford new PC's to upgrade their old packard bells, let alone pallet after pallet of paper.. :/ Justin C. Darby ----- Original Message ----- From: "Xyntrix" <xyntrixat_private> To: "w1re p4ir" <w1rep4irat_private> Cc: <vuln-devat_private> Sent: Monday, September 10, 2001 12:47 PM Subject: Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) > On Mon, Sep 10, 2001 at 04:59 PM, w1re p4ir <w1rep4irat_private> said: > > A vulnerability has been found in my companies Paper Shedder. When putting more than the recommened paper into the shedder (but not enough for a DoS) It allows the paper to go in. This could cause abirtary paper to allowed in side the shredder. This vulnerability has been discovered on Sept. 10. Achiever Has not been notified of this particular vulnerability. > > > > ________________________________________________________ > > The Best News Source On The Web - http://www.disinfo.com > > i tried to replicate this problem and could not get it to work. i am > currently using a stable version of a paper shredder. i also tried this > on a post-processing paper shredding device where a third-party carries > out the shredding process, and that also failed to acvieve a stack > overflow. what size of paper are you using? i believe i am using 24lb, > legal size. > > ----- > _______________________________________ > Mike Mclane | xyntrix at bitz dot org | > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >
This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 12:56:12 PDT