lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030120234728.8965.qmail@web14712.mail.yahoo.com>
From: anoncoder at yahoo.com (Jack Ahz)
Subject: CVS REMOTE VULNERABILITY + STEFAN ESSER : UNSCRUPULOUS

It comes to our attention that certain 'security professionals' abuse their
knowledge of certain vulnerabilities or software - whether through the auditing
of proprietary source trees that ISS does, or by faking GDB output....

But perhaps the greatest abuse is generated by the most unethical whitehat
known as 'Steffan Esser.'

What is worse than somebody who preys on the findings and hard work of others
and passes it off as his own? 
This is something that Steffan Esser has done consistently, releasing
moderately high-profile vulnerabilities that other people have discovered, for
which he claims credit.

What are the chances that several talented individuals find some good remote
bugs, and start exploiting them in the wild (or the source code leaks), and
immediately afterwards, Stefan Esser has located the vulnerable code, written
an exploit for it, and published an advisory?

Example: We all remember the remote php mime bug found by teso... leaked to irc
and then shortly later published by Esser.

Next we have the mysql locals, and now the cvs remote... all of which were
found by the same person, then shortly afterwards conveniently "found" by
e-matters security, researched, and published. 

Refuse to acknowledge/support whitehat criminals who siphon off the
intellectual property of others and attempt to capitalize on it.

If people are going to act like jackasses, and publish bugs/exploits, then they
should at least find their own. Nobody likes e-matters/lcamtuf/netcat.it style
advisories, and these people will be promptly tossed into the whitehat oven and
incinerated in the future.

Oo~-* Good day *-~oO

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ