Open Source and information security mailing list archives
Date: Tue, 10 Jul 2012 23:41:02 +0000
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: "paul.szabo@...ney.edu.au" <paul.szabo@...ney.edu.au>,
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	"mutin@...monwealthcare.org" <mutin@...monwealthcare.org>
Subject: Re: Full-Disclosure Digest, Vol 89,
 Issue 11: ] How much time is appropriate for fixing

I replied all; the statement was to Guninski alone.  Even if I didn't, this
is a mailing list and grammar or spelling don't matter.  Note I won't
mention your use of "proffering."

Regardless, let's see if I understand you.  You are saying one should not
agree with someone who ascribes behavioral (our spelling) patterns to
others based on their own character traits, yet you are telling him he
"cannot possibly agree."  It's OK for you to tell him what he can or can't
believe in, but it's not OK for me to voice my own opinion?  How exactly
does that make you any different than I?

Did Georgi find some bugs in software that anyone could have found a
decade ago?  Sure. And good for him.  My point was the WAY he went about
working with the vendor and disclosing it.  Defend him all you like, but
no one was helped in those cases, and many many people were hurt.  This
isn't "opinion," this is fact you can look up for yourself.  Look at
people like Michal Zalewski - he discovered god knows how many bugs in god
knows how many browsers and he was professional about the whole thing.

If you are actually arguing against the claim that disclosure is an
ego-driven process (again, where purposefully and deliberately sought
after) and are defending Georgi at the same time then all I can do is wish
you luck with your life's perceptions.  You are of course free to think
what you want, how you want, and when you want - I'll just disagree with
you.

t 
  



On 7/10/12 3:40 PM, "paul.szabo@...ney.edu.au" <paul.szabo@...ney.edu.au>
wrote:

>Dear Mikhail,
>
>>> From: "Thor (Hammer of God)" <thor@...merofgod.com>
>>> To: Georgi Guninski <guninski@...inski.com>, Stefan Kanthak
>>> 	<stefan.kanthak@...go.de>
>>> Cc: "full-disclosure@...ts.grok.org.uk"
>>> 	<full-disclosure@...ts.grok.org.uk>
>>> 
>>> I'm not contradicting myself at all - in fact, *you* are the exact type of
>>> person I'm talking about.  You couldn't give a rat's ass about the
>>> industry or anyone but yourself.  Nothing you have ever done has been
>>> "valuable" to anyone other than you; it has been completely self-serving
>>> egotistical bullshit.
>>
>> I completely agree with Thor. ...
>
>You cannot possibly agree with someone who addresses two people in the
>singular. You should not agree with someone who ascribes behaviourial
>patterns to others, based on his own character traits.
>
>Are you familiar with Georgi's work? Please look at his website before
>proffering opinions.
>
>Cheers, Paul
>
>Paul Szabo   psz@...hs.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
>School of Mathematics and Statistics   University of Sydney    Australia
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
