From: andy_mn at hushmail.com (andy_mn@...hmail.com)
Subject: RE: remote kernel exploits?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi again

A number of people have pointed out to me that ~el8 is a group,
not an individual. My bad on that point. It's also apparent
that many are afraid to stick their necks out when mentioning
this group, judging by the number of emails sent to me that
weren't CC'd to the lists.

I really don't understand what the problem is. Isn't it in our
best interests to openly discuss these remote kernel
vulnerabilities? Or is everyone content with this group of
kids being able to gain access to almost anything they
choose just because of someone's choice of operating system? And
what kind of researcher would've given them these tools before
notifying the rest of us anyway? I really think it's time
to let the cat out of the bag on this issue.

It's been reported to me that if the vulnerability rumours are
true, then even most firewall setups would be completely futile.
So am I just supposed to remain quiet about this like everyone
else and hope I'm not attacked?

My friend told me that there is no guarantee that any source
tree fixes actually fix the bugs that these kids have access
to. So in other words, unless one of these brats comes forward
or the irresponsible security professional who was reckless
with the information, we can never be sure that we have an
operating system with these bugs fixed.

If they don't deface websites with these exploits, then what
do they do? Steal credit card information? Makes little
difference to my argument.

>
>Why would all the good programmers be on the good side? You really think
>there aren't groups out there that have outstanding coding skills. That could
>make such exploits, and find such errors. I personally think, and know
>pretty sure, that there are plenty of outstanding hackers out there that could
>make such exploits and use it in such a way that it's not revealed to the
>community.
>
>"if the kids really did have such an exploit, you'd think they'd
>tag their h4ndl3z all over high profile sites." who knows, but don't be too
>sure ...
>
>Cheers,
>
>Joep Gommers
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlwEARECABwFAj2ATEYVHGFuZHlfbW5AaHVzaG1haWwuY29tAAoJEDRxILB1JtUKua4A
n2zEt4iQXOHQjnkHSc+HzvOp+DQKAKCv8JJ913AD+TLosGqLD2akiyPypA==
=Fudq
-----END PGP SIGNATURE-----



