lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun, 25 May 2008 22:57:40 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: IOS rootkits (fwd)

On Sun, May 25, 2008 at 11:37 AM, Gadi Evron <ge@...uxbox.org> wrote:
> One thing we did not do in these threads is to thank Core Security and
> Sebastian Muniz for the work, and releasing it to help make the world
> safer.
>
>        Gadi.

No I don't think the world is safer, in fact the presentation release
onto the internet has been gagged because its too dangerous to release
it yet.

I do not thank Core Security I think the whole thing has been handled
badly by EUSecWest and CORE Security, they rushed out the announcement
of the presentation, with little time for the government, the security
industry and CISCO enough time to evaluate what was
going to be presented.

The presentation was rushed through to meet a ticket sales deadline
agenda, no thought for security or polite time frame for all involved
to evaluate, prepare and coordinate.

Announcing the presentation slot with only 2 weeks or so before the
presentation is to be given is an unacceptable behaviour.

If you want to know why Cisco didn't have anything up on their site or
that the information they provide isn't what you're wanting, its
because Cisco has had hardly anytime to prepare it.

Cisco and the government had to accommodate a ticket sales deadline
time frame, not the desired time frame before the conference that they
would have hoped for.

This is why the presentation isn't being released online yet, Cisco,
the security industry and the government need more time.

If anyone has any contracts with CORE Security I suggest you drop them
at the earliest opportunity.

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists