| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Jul 2008 18:48:43 -0300 From: Arturo 'Buanzo' Busleiman <buanzo@...nzo.com.ar> To: Valdis.Kletnieks@...edu Cc: full-disclosure@...ts.grok.org.uk, Brad Spengler <spender@...ecurity.net>, dailydave@...ts.immunitysec.com Subject: Re: Linux's unofficial security-through-coverup policy -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Valdis.Kletnieks@...edu wrote: | Similar reasoning applies to almost all uses of Linux in the embedded | world - if you already have code running on the cell phone, there really | isn't *anything* you can do by abusing something like the setldt() bug | that you couldn't *already* do to the box. I so agree! :) - It reminds me of an argentina group that released an "advisory" about a root exploit... that required root privileges to be exploitable. I LOLed (and was embarrassed, too, I'm an argentine) for a week. - -- Arturo "Buanzo" Busleiman Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIfmy7AlpOsGhXcE0RCi41AJ48aEeDDCVH2ueY/9DGa3KmcCEaQgCfUmDN TSAb2cS0yc+jv7McBoIwe0I= =WmQg -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists