lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 22 Dec 2008 10:44:38 -0600
From: "Michael Krymson" <krymson@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft issues out-of-band patch

1) Are you running low on meds this late in the month? If so, do we need to
start a collection so you can afford them in time before you subject us with
further ranting, raving, and lunacy? Actually, I wouldn't mind ranting,
raving, and lunacy if it came from someone who wasn't also stupid and
completely oblivious to their own plight...

2) Further comments are inline although I expect you won't bother to
adequetely address them, ever.

On Fri, Dec 19, 2008 at 8:50 AM, n3td3v <xploitable@...il.com> wrote:

> "The software giant rushed out a fix for the security issue in eight
> days, following its discovery that online criminals were using the
> flaw to attack Internet users."
>
> http://www.securityfocus.com/brief/873
>
> This is because they usually hold back disclosure and patch release so
> the intelligence services can backdoor criminal and terrorist pc's.


Do you have anything to back this claim?


>
>
> We're not saying Microsoft has never been capable to release a patch
> in eight days, we're saying there is an agreement with the government
> not to, unless a flaw is publicly known and is affecting the
> internet-at-large.


Do you have anything to back this claim?


>
>
> There are a ton of zero-day that Microsoft and the government know
> about and are used for intelligence purposes, they are kept secret
> unless the public know about it and the zero-day becomes a threat to
> the government.


Do you have anything to back this claim?


>
>
> Though the fact is this, MI5 have zero-day that not even Microsoft
> know about and not only this, MI5 have their systems patched against
> flaws that are not known about by other entities.


>
> What i'm saying is this: MI5's systems are patched against flaws that
> only they know about and their technicians have developed their own
> in-house patches for them.


 Fact? Now you're really needing to cite some sources or backing, otherwise
this is, in fact, not fact.

You are not technically inclined. You have said it yourself and have
demonstrated such for years on this list. So I'm not surprised you don't
understand patching and vulnerability research. Maybe they have their own
mitigations and workarounds, but that is a certainly different ballgame.


>
>
> If that isn't impressive I don't know what is.


The only thing impressive is how oblivious, delusional, and incompetent you
are.

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ