lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5.1.0.14.2.20030426102438.045b3e20@yoshimo.webtechs.idg.nl>
From: msopacua at idg.nl (Melvyn Sopacua)
Subject: pissed off 

At 17:50 25-4-2003, Valdis.Kletnieks@...edu wrote:

>On Thu, 24 Apr 2003 23:36:22 CDT, cyn0n@...ealbox.com  said:
> > greets-
> >   Is anyone else pissed off at stupid shit like this flying around lists
> > that are supposed to be respectable? Arguing over this type of stuff and
> > even reporting this is just the most stupid fucking thing I've ever
> > seen.
>
>Umm.. I've seen lots of stupid shit on lists, but I have to disagree with
>your assessment of this as "stupid shit".  We have the following:

[ snip i18n note ]

>1) somebody (badpack3t? attrib/quoting lost) posts a vulnerability
>in Xeneo.
>
>2) Tamer Sahin posts that it was a known thing already posted, and that
>people shouldn't post without searching first.  Quite politely phrased
>and good advice.
>
>3) badpack3t posts back saying that this vulnerability is a new and different
>one, and asks for clarification from Tamer of why he thinks it's the same 
>hole.
>Everybody is being mostly civil, and there's a definite lack of any ad-hominem
>attacks.  If badpack3t *has* found a different hole, then he certainly
>deserves credit for it, and Tamer owes him a "Sorry, you're right, that's
>a different hole".

If you try objectify the conversation do it well:
1) vuln post
2) Hey, that's mine, I own that and you are violating copyright law
3) That's a different hole, unless I'm mistaken.

The stupid part, which has been annoying me as well, is nr. 2.
The focus in part 2 is not the vulnerability, but a psychological defect in 
Tamer
Sahin's selfesteam, accompanied with legal crap about owning rights to 
discoveries
of other people's mistakes.

What IS that copyright stuff anyways? Are we now 'legally owning karma'? Is 
credit
for a vulnerability profitable? Can you borrow money on your 'stock of legally
owned vulnerability advisories'? Or is it yet another reason to sue the 
hell outof
competitors, for reasons of 'loss of possible income, derived from the 
publicity'?

I don't work for a security company, so please explain.


Met vriendelijke groeten / With kind regards,

Webmaster IDG.nl
Melvyn Sopacua

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ