[<prev] [next>] [day] [month] [year] [list]
Message-ID: <21CEFB435C61D411B7B500E04C684D360C92FB@brdntpdc>
From: JGommers at gfo.nl (Gommers, Joep)
Subject: RE: remote kernel exploits?
Ola
Couldn't agree more, if indeed such a exploit (and therefor a bug) exist it
must be brought to the surface. Maybe notifying our friends at honeypots@
would be a good idea, finding ways to detect such a attack.
Joep
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi again
A number of people have pointed out to me that ~el8 is a group,
not an individual. My bad on that point. It's also apparent
that many are afraid to stick their necks out when mentioning
this group, judging by the number of emails sent to me that
weren't CC'd to the lists.
I really don't understand what the problem is. Isn't it in our
best interests to openly discuss these remote kernel
vulnerabilities? Or is everyone content with this group of
kids being able to gain access to almost anything they
choose just because of someone's choice of operating system? And
what kind of researcher would've given them these tools before
notifying the rest of us anyway? I really think it's time
to let the cat out of the bag on this issue.
It's been reported to me that if the vulnerability rumours are
true, then even most firewall setups would be completely futile.
So am I just supposed to remain quiet about this like everyone
else and hope I'm not attacked?
My friend told me that there is no guarantee that any source
tree fixes actually fix the bugs that these kids have access
to. So in other words, unless one of these brats comes forward
or the irresponsible security professional who was reckless
with the information, we can never be sure that we have an
operating system with these bugs fixed.
If they don't deface websites with these exploits, then what
do they do? Steal credit card information? Makes little
difference to my argument.
Powered by blists - more mailing lists