lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 13 Dec 2007 09:55:32 -0800
From: "Andrew A" <gluttony@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Full-Disclosure Digest, Vol 34, Issue 31

On Dec 13, 2007 12:10 AM, Kristian Erik Hermansen <
kristian.hermansen@...il.com> wrote:

> Andrew, you certainly are misinformed.  I did not claim authorship for
> anything, as you say.

You have no credibility. You've been spewing lies and claims of shellcode
authorship in a bunch of interviews in San Francisco. I have heard from
multiple people about your claims in interviews. These people I have known
for years as solid reverse engineers and exploit developers. They have
worked for years in pentesting, vuln assessment and auditing, and -never
plagiarized the work of others-. You work as desktop support and insult your
employer in your shitty blog. The entire SF based infosec scene is fucking
laughing at your antics. Personally, I stopped laughing and can feel only
disgust at your very presence.


> This whole discussion started with presenting the fact that the
> favicon issue could be a useful attack vector that people may not have
> thought of before.  I can't change the fact that people in the
> security community will always be hostile.

No, this discussion started when you claimed that there was a "gmail/google
bug, all accounts vulnerable". Lets run through the definition of web app
vulnerability for your "vuln". Can you:
* Steal a cookie or otherwise execute privileged javascript on the target
while the user is logged in? -no-
* Perform priviledged actions upon a user's account while they are logged
in? -no-
* Access private data, such as email content? -no-

You are a worthless fraud, a hype machine. This would be hilarious if you
were intelligent and trying to infuriate people, but instead you're hoping
someone reading this list will be dumb enough to hire you. Sorry, try again
Kristen. You're just setting yourself up to be the next n3td3v.



>  Ask anyone who has
> had a drink with me, or even too many drinks!

Passionately bi-curious queer date rapist?


> Even if I poke fun at people, it is usually in a fair way, showing
> reason to feel that way.  Your attitude is based on things which are
> made up, false, and you have no base to stand on with such hostility.

I have every base to stand on when calling out a lying, plagiarizing fraud.

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ