lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <004701c23907$b0c74980$0201000a@k7ezizjvt9gjdv>
From: dotslash at snosoft.com (KF)
Subject: for the record... (Tru64 / Compaq)

I can't seem to get this to bugtraq ... darn mime types keep barking at me... someone wanna forward it. 
-KF

  ----- Original Message ----- 
  From: KF 
  To: full-disclosure@...ts.netsys.com ; bugtraq@...urityfocus.com ; recon@...soft.com 
  Sent: Wednesday, July 31, 2002 7:42 PM
  Subject: [Full-Disclosure] for the record... (Tru64 / Compaq)


  http://www.msnbc.com/news/788216.asp?0dm=T14JT

  Clarke cautioned that hackers should be responsible in reporting programming mistakes. A hacker should contact the software maker first, he said, then go to the government if the software maker does not respond soon.

  ------------------------------------


  For the record... we contacted HP(at the time Compaq), and CERT several times. I attached the original version of our su exploit (not the one that phased leaked) to NIPC and to CERT BOTH. We recieved an extremely long delay at CERT before they even responded. At that point I called CERT 2 times to see what the heck was going on and eventually I establish contact (Ian Finley). I also mailed nipc.watch@...c.gov or whatever the email address on their page was. They didn't mail back ... no auto responder or nothing. ( I mailed the back weeks later and said I was shocked that I got no response and still got nothing back). I then called the NIPC hotline 3 times. The first 2 times I called I spoke to someone that should have been flopping whoppers "uhhhh a non-executable computer security what... let me send you to so and so's voicemail". Then I called back a week later and gave them the CERT vu numbers (after CERT finally responed). I left my cell phone number on someones voicemail again at NIPC... no one called me back. 

  I deeply regret the fact that one of my team members plagerized another and leaked some code but my god people WE TRYED to give SEVERAL people a heads up! 

  -KF 


   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20020731/345143d0/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ