[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040330181441.GC12787@umich.edu>
From: marius at umich.edu (marius aamodt eriksen)
Subject: Re: systrace silently patches full local bypass vulnerability on Linux
what's up with brad spengler?
brad has told me in person that he would not do security commercially
since he believed that would change the motivation for doing security
work; that it would become competitive, and thus "unpure." brad -
what is your motivation now?
do you consider systrace a competitor now? why are your motivations
now seemingly not pure?
as a member of the PHC, brad is credited with contributing to text
such as
--[ 3.1.1 PHC-switch-a-w00
This is an idea spawned off many, many hours of television from
warez mullah. He suggested that you create a fake identity by
creating a paper trail to your whitehat or w00w00 member because
they make so much money for selling out. I suggest using someone
like Dug Song because I'm sure Arbornet pays him pretty well for
writing _shit_. Although I hear Niels Provos author of systrace
(most useless and bug ridden security tool EVER) is now employed at
Google. I would basically rely on using their credit card
information to fund your jihad. So when the police go and track
down serial numbers and shit like that. Their cc# connects to the
shit you bought. Great for buying illegal hardware to store images
monkey.org's user accounts!
as you can see, brad uses his awesome interpersonal skills to make
friends with respected members of the computer security community.
people who have made real contributions, both academic and in
important software.
brad, isn't it funny we all presented projects, side-by-side, and had
fruitful discussions about computer security? what happened?
http://lsm.abul.org/program/topic02/topic02.php3
this attitude of yours seems to be consistent,
http://www.monkey.org/openbsd/archive/misc/0304/msg01399.html
and even through artistic expression
http://www.grsecurity.net/~spender/dsc18910.jpg
archived at
http://monkey.org/~marius/tmp/spender-art-dsc18910.jpg
in case he changes it.
so brad -- what's up?
and for the record -- the reason i did not make a big fuss about the
ptrace issue is that in order to actually escape systrace protection
with this, the user would have to ehtier ptrace the process themselves
and/or explicitly allow sys_ptrace in the respective policy/ies.
marius.
--
marius a eriksen <marius@...ch.edu> | http://www.citi.umich.edu/u/marius/
Powered by blists - more mailing lists