lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200209131443.g8DEhoG19875@mailserver4.hushmail.com>
From: isergevsky at hushmail.com (isergevsky@...hmail.com)
Subject: RE: remote kernel exploits?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



>If this group of coders el8 (yes, I heard about them before - I
> remember
>somebody got the wu-ftpd 2.6.2 exploit from them a few weeks be
>fore it was
>released) would have such type of exploits than it's only a mat
>her of weeks
>before it's gonna show up.
>

Not everybody cares about disclosing bugs as you SURELY don't know. The ~el8 team are supporters/initiators of 'Project Mayhem', an underground movement trying to bring the internet to its knees. They will not disclose such thing. Ac1dB1tch3z are aswell supporting this movement.

>Since they're underground they're probably not looking for mone
>y but fame (if
>they really want to steal cc information all they have to do is
> search google
>for orders.dbf cart32.exe and God knows what other insecure web
>cart
>releases.). So if they're looking for fame they will probably r
>elease in a
>few weeks or so some kind of exploit (with something like "wors
>hip us 'cauze
>we are the gods of coding" in the coments).
>
Hahahaha! Not *EVERYBODY* cares about hacking into pr0n websites to grab warrez. Besides, these guys seem to have more skill than u can imagine and they don't care about YOU or other kiddies like you 'worship' them or not. Disclosing such a bug (if it exists) would mean TOTAL HAVOC on InterNet structure.

>Yes, it's true that a kernel exploit would pass firewalls becau
>se 99% of
>firewalls are based on kernel. But i don't think that it would
>be the end of
>the world. Because the reason we love open-source is the speed
>of patching
>it. And if it's gonna be an exploit, there's certanly gonna be
>a patch for
>it. Apache, OpenSSH, OpenSSL are all widespread services yet th
>ey all have
>been vulnerable... we survived. We're still here... my server's
> are still not
>compromised... So have no fear cause "In open-source we trust"
>
>--

>-------------------
>Proud member of PentaGuard
>"Making the net a safer place since 1998"
Let me laugh my ass off, please! Since when does PentaGuard care about security? Last time i checked you guys were a lame defacing group using IIS 4.0 exploits to own .mil sites. As people found out that the bug exists (after 1 year since it was posted on bugtraq) your group's activity was reduced to zero. You have no clue about the scene or *nix. Please, dont make a fool out of yourself and shut up.
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wl8EARECAB8FAj2Ck/MYHGlzZXJnZXZza3lAaHVzaG1haWwuY29tAAoJEMfRnqqodk8T
SwkAn068ZgxaYV2d14L0MZE1Dc//+WiaAKCMeolS1wwqZsdG1PFizSPlQe7+cg==
=aphN
-----END PGP SIGNATURE-----




Get your free encrypted email at https://www.hushmail.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ