| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: matsu at mailvault.com (Matsu Kandagawa) Subject: An open question for Snort and Project Honeynet -----BEGIN PGP SIGNED MESSAGE----- Thanks to Roesch's magnificent sentence-parsing spin job yesterday, like the rest of you, I'm quite sure that, quote, "there is no trojan in Snort". But unless I grossly misread the statements from Phrack, the central issue at hand was the introduction of deliberate weaknesses, not trojans. Do any of you have anything to say about that? When you say "look for yourself" surely you don't mean to claim that Average Joe Admin has the requisite skillset and detailed knowledge necessary to spot something potentially that subtle? And would anyone care to address the "off-by-one's, integer overflows, and logic bugs" m1lt0n alluded to in his or her article about Snort? How do you intend to counter the effects of Sneeze? Any comments on the Sebek piece? How confident are you in people who are doing your code review, anyway? I honestly hope the PHC does the same to every last one of the components of Project Honeynet: Honeyd, VMWare, the works. Whether you choose to admit it or not, the latest releases from Phrack do more to further the improvement of these technologies than the vast majority of researchers who are scared stiff at the prospect of losing funding. You complain now and tisk-tisk about the PHCs "juvenile" approach and tell yourselves it's all social engineering, but why not ask yourself where you'd be if they chose to sit on the papers they released yesterday instead? Ignoring people because you find them distateful doesn't make the problem go away. Hot tip for the initiated: With this bounteous cornucopia of unintended assistance from Phrack, it's better than even money that Major Martin and friends are likely to start asking some serious questions about all the money they've been pouring into substandard and intellectually dishonest research products. And don't think they don't know about who you've been corresponding with and trying to impress with your work, either. You aren't as slick as you think you are. If these recent embarrassments don't result in SIGNIFICANT improvements in Snort and a top-to-bottom review of honeynet design, I strongly suspect there's going to be some serious consequences. Just a wee hunch. I swear to God if I had a hundred thousand dollars in unmarked bills right now, I'd hand it over to the Phrack men this very minute with a hearfelt "thank you". In sum, "Everybody relax"-- the eternal refrain of the con artist-- might be good enough for people likely to be swayed by such assurances (or those who prefer to stick their heads in the sand to avoid unpleasant truths) but unfortunately for you, some of the people you've been working with demand a hell of a lot more. By the way, your explanation of how your machines were owned was one of the most disgraceful cop-outs I've seen in a long, long time. Evolve or die, Matsu. "who must be just some zit-faced chink PHC kid posting trolls from his mother's basement". (I have no interest in addressing your ad-hominem attacks, so I just thought I'd say it for you and get that out of the way.) -----BEGIN PGP SIGNATURE----- Version: MailVault 2.2 from Laissez Faire City http://www.mailvault.com iQA/AwUAP3DHf2M5xTGTuR0REQKFvACeK1INlkC0a+y/nn2u5d1gfX99RL8An2L/ QR6ZTONuJk0p8Lc2x4KEa5pl =GNIL -----END PGP SIGNATURE-----
Powered by blists - more mailing lists