Message-ID: <20040327121216.GA279@devbox.adamantix.org>
From: peter at devbox.adamantix.org (Peter Busser)
Subject: Talk in #grsecurity

Hi!

> I was there and the conversation most certainly happened, in fact you 
> can see when I joined in the pasted conversation.
> 
> The reason the conversation was posted is because this is full 
> disclosure where I assume at least the majority of people actually 
> believe in full disclosure and people keeping vulnerabilities secret 
> isn't exactly kosher. This in particular is what I'm referring to:
> 
> [22:40] <BlackNet> how many do you have that's not released?
> [22:41] <spender> 2 for exec-shield
> [22:41] <spender> 3 for systrace
> [22:41] <spender> 1 for DTE
> [22:41] <spender> ~10 for LIDS
> [22:42] <BlackNet> that's alot
> [22:42] <spender> oh
> [22:42] <spender> 3 i think for linsec
> [22:43] <BlackNet> all of these are non-reported?
> [22:43] <spender> correct
> 
> So I ask grsecurity fans, why would you run the software of someone no 
> better than the people trying to crack your machine? This is not 
> responsible behaviour and shows a clear disregard for security and 
> safety of others.

What I wonder is: Why would Brad specifically target exec-shield and Fedora? I
mean, with 10 zero-day bugs, doesn't this mean that LIDS would be a much
easier target?

It couldn't have anything to do with the way the people from the company
behind exec-shield have treated people from competing projects, such as
gr-security. Could it?

FYI, I don't know Brad Spender. I am not a gr-security user and neither am I a
gr-security fan. Although I can understand what he is doing, I don't approve
of it.

Groetjes,
Peter Busser

