lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 26 Oct 2010 19:01:03 +0100
From: "Cal Leeming [Simplicity Media Ltd]"
	<cal.leeming@...plicitymedialtd.co.uk>
To: Christian Sciberras <uuf6429@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: ipv6 flaw (is bullshit)

So.. im confused.. Is there actually a 'sploit in the wild then, or is this
all bs?

On Tue, Oct 26, 2010 at 6:56 PM, Christian Sciberras <uuf6429@...il.com>wrote:

> > Why don't you all STFU and go play with your little IRC bots!
>
>
>
>
> I was wondering, did anyone actually miss the point?
> Over and out.
>
>
>
>
>
> On Mon, Oct 18, 2010 at 11:10 AM, Christian Sciberras <uuf6429@...il.com>
> wrote:
> >
> > Why don't you all STFU and go play with your little IRC bots!
> >
> >
> >
> >
> > On Mon, Oct 18, 2010 at 11:08 AM, PsychoBilly <zpamh0l3@...il.com>
> wrote:
> >>
> >> Anyways...
> >>
> http://images.encyclopediadramatica.com/images/thumb/e/ed/Internet_business.jpg/569px-Internet_business.jpg
> >>
> >> [[   Andrew Auernheimer   ]] @ [[   18/10/2010 10:58
> ]]--------------------------------------------------
> >> > ---------- Forwarded message ----------
> >> > From: Andrew Auernheimer <gluttony@...il.com>
> >> > Date: Mon, 18 Oct 2010 04:51:59 -0400
> >> > Subject: Re: ipv6 flaw
> >> > To: edit@...et.com.au
> >> > Cc: Eugene Teo <eugene@...hat.com>
> >> >
> >> > Dear ZDnet,
> >> >
> >> > This story:
> http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htm
> >> >  is someone talking straight out of their ass. We have no such
> >> > exploit, If we did have such an exploit, there is absolutely no way we
> >> > would share it with external parties. Not 4chan, not anyone. Due to
> >> > the immense success and resiliency of the Linux platform, a 0-day
> >> > kernel remote is worth serious money ($100k+ if you know the right
> >> > buyers), and we would have given it to the highest bidder or put it on
> >> > Bugtraq for maximum industry publicity. We would not have given it
> >> > away for free to ineffectual idiots in their moms basements who aren't
> >> > accomplishing anything.
> >> >
> >> > Beyond that, many of my closest friends make their living off of
> >> > intellectual property. I do not support defacement and DDoS as a
> >> > method of protest against anything, especially not a childish protest
> >> > against copyright. Authors have a right to charge however much they
> >> > please for their creative works. The people involved with these DDoS
> >> > attacks and web site defacements need to grow up and do something
> >> > useful with their lives.
> >> >
> >> > This article is ridden with a number of verifiably false errors. I'm
> >> > sure a quick talk with Eugene from the Red Hat Linux corporation (he
> >> > is cc'd to this email) could get you in touch with Linus who could
> >> > confirm that no such communication with us ever existed. In addition,
> >> > while I am probably one of the most skilled web application and
> >> > browser exploit hackers in the world, I do not do kernel bugs. I have
> >> > never done kernel work, with the exception of some stuff I did years
> >> > ago related to Mac OS X kext. Every single bit of my previous public
> >> > research has been related to a web browser bug or a web application
> >> > bug. If someone in Goatse Security were to be involved with the
> >> > creation of a kernel-related exploit, it would not be me.
> >> >
> >> > Lastly, my contact info is amazingly public. I was awake and checking
> >> > my email when your story was posted, and for the 11 or so hours
> >> > preceeding it. I have also talked with reporters at ZDnet previously,
> >> > including ZDnet Australia. So the next time you have the urge to print
> >> > libelous, sensational misinformation defaming both the integrity of my
> >> > information security working group and the security of Linux, please
> >> > give me an e-mail or phonecall first. The contact info is on the
> >> > Goatse Security website. I should be informed of this stuff by your
> >> > "journalists" (who are supposed to do things such as contact parties
> >> > involved in a suspect claim from a random anonymous idiot on the
> >> > Internet) and not someone from a major software vendor.
> >> >
> >> > Thanks,
> >> > weev
> >> >
> >> > On Mon, Oct 18, 2010 at 2:35 AM, Eugene Teo <eugene@...hat.com>
> wrote:
> >> >>
> >> >> Hi Weev,
> >> >>
> >> >> I read a ZDNet news report that you have discovered a Linux kernel
> vulnerability, and I am wondering if you will be willing to share the
> technical details of the flaw.
> >> >>
> >> >>
> http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htm
> >> >>
> >> >> Thanks, Eugene
> >> >> --
> >> >> Eugene Teo / Red Hat Security Response Team
> >> >
> >> > _______________________________________________
> >> > Full-Disclosure - We believe in it.
> >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> > Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 

Cal Leeming

Operational Security & Support Team

*Out of Hours: *+44 (07534) 971120 | *Support Tickets: *
support@...plicitymedialtd.co.uk
*Fax: *+44 (02476) 578987 | *Email: *cal.leeming@...plicitymedialtd.co.uk
*IM: *AIM / ICQ / MSN / Skype (available upon request)
Simplicity Media Ltd. All rights reserved.
Registered company number 7143564

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ