| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200209131027.20390.halbasus@go.ro> From: halbasus at go.ro (HalbaSus) Subject: RE: remote kernel exploits? If this group of coders el8 (yes, I heard about them before - I remember somebody got the wu-ftpd 2.6.2 exploit from them a few weeks before it was released) would have such type of exploits than it's only a mather of weeks before it's gonna show up. Since they're underground they're probably not looking for money but fame (if they really want to steal cc information all they have to do is search google for orders.dbf cart32.exe and God knows what other insecure webcart releases.). So if they're looking for fame they will probably release in a few weeks or so some kind of exploit (with something like "worship us 'cauze we are the gods of coding" in the coments). Yes, it's true that a kernel exploit would pass firewalls because 99% of firewalls are based on kernel. But i don't think that it would be the end of the world. Because the reason we love open-source is the speed of patching it. And if it's gonna be an exploit, there's certanly gonna be a patch for it. Apache, OpenSSH, OpenSSL are all widespread services yet they all have been vulnerable... we survived. We're still here... my server's are still not compromised... So have no fear cause "In open-source we trust" -- ------------------- Proud member of PentaGuard "Making the net a safer place since 1998"
Powered by blists - more mailing lists