lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: booger at unixclan.net (security snot)
Subject: No Subject (re: openssh exploit code?)

Yeah, Paul, you're a real smart guy I see!  Just like everyone else who
wants to see one of the exploits for the bug, you try to taunt those of us
who are somewhat skilled at programming and have already developed our own
commercial grade exploits to release what we have slaved over.  Of course,
you can keep using words like l33t and drop whatever other insults you
want towards us - keep in mind, you're the one who isn't technically
skilled enough to:

1) Figure out how to exploit the bug
2) Figure out why the bug isn't exploitable, and provide a technical
argument against it

So my owned friend, before you insult anyone on this list again, first get
a fucking clue and become learned enough to at least not allow leaders of
the security community like Ron Dufrense not make you look stupid every
time you open your mouth.

-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------

On Tue, 21 Oct 2003, Paul Schmehl wrote:

> --On Monday, October 20, 2003 5:19 PM -0700 "Gregory A. Gilliss"
> <ggilliss@...publishing.com> wrote:
>
> > Hi,
> >
> > Maybe I missed something here...
> >
> No, you didn't.
>
> > I'm an assembler jockey from BITD and I know a few things about alloc/
> > calloc/malloc and heaps and stacks etc. So what's the key, may I ask,
> > to this heap exploit that was the origin of this thread?
> >
> You're never going to find that out, Gregory, because mitch, our l33t code
> monkey, is keeping the code to himself.  Now mind you, he *assures* us that
> it's easy to 'sploit, so we're just gonna have to take his word for it.
>
> But you'd better patch now, 'cause he's gunnin' for ya.
>
> Paul Schmehl (pauls@...allas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ