lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: attica at stackheap.org (S . f . Stover)
Subject: re: openssh exploit code?

On 20 Oct 03 06:13:31AM mitch_hurrison@...lip.com[mitch_hurrison@...lip.com] wrote:
: Let me break it down some more for you:
: 
: 1) You rely on other people to give you the information
: needed to exploit the bug.

Let me reiterate - I'm not relying on anyone for anything.  I made a simple
request for help.  I'm truly sorry that this offends you... actually I'm not.

Perhaps another list would be more appropriate for someone of your beliefs.

: 2) You've clearly stated that you are incapable of determining
: possible exploitation yourself.

Nothing is impossible - it just takes me longer.

: 3) You acknowledge that the bug has already been publicly
: recognised, or fully disclosed if you will, as being a 
: security issue. With full details of the bug and full source
: available.

Yep.

: All of the above combined leads me to believe you're just 
: another run-of-the-mill info-sec "professional" with a 
: hardon for the "dark side". Fact remains you have absolutely
: no need for this exploit. Who am I to decide this? I'm not
: deciding anything, I'm drawing a logical conclusion.

So what?  Like I really care about conclusions you have drawn?  You've made
your point (abundantly).  You are convinced that I'm a lamer - and that's just
fscking fine with me.

Now go away.

: Explain to me how "fully disclosing" exploit code for this
: bug would in any way further the full disclosure process
: you seem to hold so dear.

I didn't make my request to "further the full disclosure process" - I did it
to help me learn.  It's evident you have a problem with that.  Consider that
fact duly noted and then go away.

: Again, as to your argument that you want to find out "how this bug works".
: You have the full bug details available. Somehow I doubt you've
: even been able to trigger the memset crash. It's your highschool-esque "do my homework for me" attitude which 
: I find so offensive.  

Faulty analogy.  I don't have an "assignment" to turn in and be graded on.
I'm not trying to steal someone else's work and pass it off as my own.  I just
want to learn more about this particular exploit.  I'm sorry that's such a
crime.

I do know that if I had spent this time researching instead of replying
to your horsepiss e-mails, I'd be further along.

And with that note, I bid you adieu.  Flame me all you want.  You've degraded
me enough - and hopefully this has served as a sufficient launchpad for
inflating your ego.


-- 

aka Dolph Longhorn
attica@...ckheap.org
GPG Key ID: 0xF8F859D0
http://pgp.mit.edu:11371/pks/lookup?search=0xF8F859D0&op=index

"There is no such thing as right and wrong, there's just popular opinion."
-Jeffrey Goines
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031020/d08ad0bc/attachment.bin

Powered by blists - more mailing lists