Message-ID: <4064B446.3070103@gentoo.org>
From: method at gentoo.org (Joshua Brindle)
Subject: Talk in #grsecurity

Dave Aitel wrote:

> 
> 
> Joshua Brindle wrote:
> 
> |
> | So I ask grsecurity fans, why would you run the software of someone
> |  no better than the people trying to crack your machine? This is
> | not responsible behaviour and shows a clear disregard for security
> | and safety of others.
> |
> 
> Whatever. It shows a clear disregard for people using half-solutions
> which don't work. This is normal behavior. The fact is that grsecurity
> is a hundred times better than the alternatives - and anyone using the
> alternatives has made some sort of compromise that leaves them open to
> attack, and probably already knows it.
> 
> -dave
> 

It isn't in the best interest of anyone aside from himself. If he knows
about an execshield vulnerability and is waiting for it to get installed
on a few thousand machines before releasing it he is being malicious.
Fedora users didn't choose execshield, Red Hat chose it, and it isn't
their fault. One could argue that it's their fault for installing Fedora
but clearly they don't know any better if this vulnerability hasn't been
released. This is totally irresponsible and is basically an ego booster
and way of supporting grsec by causing problems to otherwise innocent
users. If you really think this is helping anyone then you might want to
step back and look at the situation again.

Spender is not a security professional, he's a blackhat plain and simple.
This is *not* how a responsible, mature whitehat would act. Waiting for
an opportune time to release an exploit is playing bad politics and if
you wish to participate in that shady behaviour be my guest but I
suspect there are other people here that might not be so trusting of
spender now.

Also, this is a call to spender to put up or STFU, his little fiasco
about Coker's SELinux demo machine being cracked was absolutely unfounded,
there is no evidence and the person he claimed did it said that he did
no such thing. Spender talks a lot of crap about other projects, claims
that there are bugs in their code, etc. This, again, is the behaviour of
an antisocial child, not a security professional.

Joshua Brindle

