lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 11 Nov 2011 17:49:02 -0500
From: Jon Kertz <jon.kertz@...il.com>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Windows vulnerability in TCP/IP
 Could Allow Remote Code Execution (2588516)

On Fri, Nov 11, 2011 at 5:28 PM, xD 0x41 <secn3t@...il.com> wrote:
> I am shocked, howmany socalled 'skilled' people, cannot get this bug
> to work...  but, theyre NOT the ones whining about code :)

I didn't ask for a proof of concept, I told you to explain the bug
and/or your claims with code. There is a difference.

You've come here making some outrageous claims that you can trigger
the bug with one packet, how we're all wrong about the timing aspect
of the bug, and even a rather unusual description of the bug itself
(which was difficult to interpret, but seems flat out wrong, however
it may be due to the language barrier). We can look beyond your broken
English and read code, whether it be disassembly or a proof of
concept, then determine if your claims are sensible or not. You've
made statements that seem to indicate have analyzed the bug and
attempted to describe it, so I'm asking you to put that in a form we
can all understand and that isn't bound by language limitations. I can
read disassembly, I can't read and comprehend your English.

I'm trying not to jump to conclusions here, but so far you've made
claims that no one else seems to back up and it appears you are just
blathering and foaming at the mouth to appear l33t like a lot of other
people talking about this bug. You can resolve that by providing code
to prove your claims, otherwise no one is going to listen to you or
care.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ