lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 22 Jul 2005 20:14:43 +0100
From: Adam Laurie <adam.laurie@...bunker.net>
To: bugtraq@...urityfocus.com
Cc: David Litchfield <davidl@...software.com>
Subject: Re: Oracle and setting the record straight


David Litchfield wrote:
> Hey all,
> I don't know whether this helps serve any purpose or not, other than the 
> vent some of my own frustrations; however...
> 
> In the wake of the release of Alex Kornbrust's details on some Oracle 
> flaws there has been some discussion in various places about when I 
> supposedly did the same thing last year at Blackhat - i.e. release 
> information on Oracle bugs in the absence of a vendor supplied patch.
> 
> For the record, I did _not_ do this.
> 
> So, setting the record straight: I was due to present a talk that 
> centered around a batch of Oracle vulnerabilities at Blackhat last year. 
> I gave Oracle a heads up and explained that I intended to do so and 
> questioned whether the patches would be ready. On the day of the talk I 
> was informed by Oracle that the patches were not ready and so when I got 
> up on the stage I proceeeded to tell everyone exactly why I could no 
> longer do the talk. i.e. I can't do the talk because Oracle failed to 
> patch the problems I was going to talk about.
> 
> I did not discuss in any form or fashion the actual bugs.

FWIW, I was there, and can confirm that this is true. Indeed, Dave was 
put in a very awkward position, having to pull most of the content of 
his talk at the last minute...

cheers,
Adam
-- 
Adam Laurie                         Tel: +44 (0) 20 7605 7000
The Bunker Secure Hosting Ltd.      Fax: +44 (0) 20 7605 7099
Shepherds Building                  http://www.thebunker.net
Rockley Road
London W14 0DA                      mailto:adam@...bunker.net
UNITED KINGDOM                      PGP key on keyservers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ