| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: attica at stackheap.org (S . f . Stover) Subject: re: openssh exploit code? On 20 Oct 03 06:13:31AM mitch_hurrison@...lip.com[mitch_hurrison@...lip.com] wrote: : Let me break it down some more for you: : : 1) You rely on other people to give you the information : needed to exploit the bug. Let me reiterate - I'm not relying on anyone for anything. I made a simple request for help. I'm truly sorry that this offends you... actually I'm not. Perhaps another list would be more appropriate for someone of your beliefs. : 2) You've clearly stated that you are incapable of determining : possible exploitation yourself. Nothing is impossible - it just takes me longer. : 3) You acknowledge that the bug has already been publicly : recognised, or fully disclosed if you will, as being a : security issue. With full details of the bug and full source : available. Yep. : All of the above combined leads me to believe you're just : another run-of-the-mill info-sec "professional" with a : hardon for the "dark side". Fact remains you have absolutely : no need for this exploit. Who am I to decide this? I'm not : deciding anything, I'm drawing a logical conclusion. So what? Like I really care about conclusions you have drawn? You've made your point (abundantly). You are convinced that I'm a lamer - and that's just fscking fine with me. Now go away. : Explain to me how "fully disclosing" exploit code for this : bug would in any way further the full disclosure process : you seem to hold so dear. I didn't make my request to "further the full disclosure process" - I did it to help me learn. It's evident you have a problem with that. Consider that fact duly noted and then go away. : Again, as to your argument that you want to find out "how this bug works". : You have the full bug details available. Somehow I doubt you've : even been able to trigger the memset crash. It's your highschool-esque "do my homework for me" attitude which : I find so offensive. Faulty analogy. I don't have an "assignment" to turn in and be graded on. I'm not trying to steal someone else's work and pass it off as my own. I just want to learn more about this particular exploit. I'm sorry that's such a crime. I do know that if I had spent this time researching instead of replying to your horsepiss e-mails, I'd be further along. And with that note, I bid you adieu. Flame me all you want. You've degraded me enough - and hopefully this has served as a sufficient launchpad for inflating your ego. -- aka Dolph Longhorn attica@...ckheap.org GPG Key ID: 0xF8F859D0 http://pgp.mit.edu:11371/pks/lookup?search=0xF8F859D0&op=index "There is no such thing as right and wrong, there's just popular opinion." -Jeffrey Goines -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031020/d08ad0bc/attachment.bin
Powered by blists - more mailing lists