From: ge at linuxbox.org (Gadi Evron)
Subject: To anybody who's offended by my disclosure policy

kf_lists wrote:
> Gadi Evron wrote:
> 
>> He is not a messenger, he is the executioner.
> 
> 
> Nah... it's more like Microsoft is one of the executioners... they lead 
> all the sheep to slaughter every time they release a new piece of 
> software. Skylined just reminded you of where they are taking you.

I like people who let me know there are threats out there. I even like 
people who release vulnerabilities - full disclosure or not.

As a friend of mine just pointed out, it also makes my life as a 
security professional a lot easier, knowing that at least one more 
vulnerability is out and known.

I cannot, however, in any case, agree to listen to kids who whine and 
SAY "Yeah, I release it 'cause I want attention.. and I send it to the 
whole world like this because I can.. OH! and the mydoom author should 
go to jail for breaking GPL on my code!!"

Give me a break. I feel as if it is this guy that makes my private 
world as a security professional so much more difficult.

Security people should be reliable. This guy is nothing but.

Why not make biological weapons.. put them on the market for sale and 
say: "What?! They violated GPL when they used it!"

Naturally the comparison cannot be made, it was just important for me to 
make a point.

MS does suck at how they do (or don't do) security. MS is liable (in my 
mind). What does MS have to do with this guy's search for attention, as 
he admitted, and his war with vendors who actually patch bugs quickly 
and who do serious QA?

As to me making a stand against MY VENDOR - I do. And with Linux, I try 
and actually help. Do you? All I see you do is yell "MS IS EVIL".

Try SUPPORTING Mozilla, for example, instead of YELLING "MS IS EVIL!".. 
or releasing so-called 0days, doing more harm than good. If exploitable 
(which this wasn't - how not l33t of him), phishers and spammers and 
worms would already be using it, and the guy would be crying out: "WHAT? 
THEY BROKE GPL!!!" while thousands of people lose their PCs along with 
millions in losses.

I appreciate ANY reverse engineer. I appreciate ANY serious security 
professional.

I don't appreciate kids who wage wars for their own fame.

Grow up.

	Gadi.
