| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <57d00dc50712131400w1b7a3242w2b0da09f3fdd9a4@mail.gmail.com> Date: Thu, 13 Dec 2007 14:00:54 -0800 From: "Christopher Abad" <aempirei@...il.com> To: "Kristian Erik Hermansen" <kristian.hermansen@...il.com>, full-disclosure@...ts.grok.org.uk Subject: Re: gimp sc, and evilness This is a quite ridiculous series of emails that quickly turned south. Someone should clear this up. On Dec 13, 2007 12:48 AM, Kristian Erik Hermansen <kristian.hermansen@...il.com> wrote: > I don't appreciate people spreading false info about me. If there is > a problem, I would rather you say it to my face, in person, than > behind my back. I don't have a problem with you, but if you are > "blackballing" me in the security community, then you and I have > something to discuss... > > > On Dec 12, 2007 12:20 PM, Kristian Erik Hermansen > > <kristian.hermansen@...il.com> wrote: > > Hi Christopher, > > > > I do not mean to be shady at all. The point of the exploit was not I didnt call you shady. I LOLed a shady LOL. "A LOL--A shady one" > > original shellcode. The point was creating a universal exploit for > > Gimp on Windows which would also allow dynamic payload. If you see, > > the shellcode payload changes based on the user input for the URL. > > Nothing new, but useful for demonstration purposes. I perhaps should > > have left the second line from the Metasploit output so that > > attribution was taken. I was not aware that shellcode output from msf > > is intellectual property. I have given Metasploit plenty of credit > > when I thought necessary. I even asked H D Moore to borrow some > > images for a talk I did at the Ubuntu Live conference in Oregon this > > year, which he personally allowed... > > > > http://www.kristian-hermansen.com/clonezilla/clonezilla.pdf > > > > I also tried to do MSF a favor for more exposure and get 3.0 into > > Ubuntu's multiverse repository. However, due to some nuances in the > > MSF License, this was not possible. I don't see why you think I am so > > evil. I do not mean to be. I wish I could have made it to your > > gathering of drinks at 20 GOTO 10 post-baysec, but I was still in > > Boston. I will try to meet up with you guys at the next baysec, and > > you will see that I am not evil. Of course, my background in security > > is not as proficient as yours, and I have never been a CEO. Although, > > I am very familiar with all the companies you have lead. I do, > > however, wonder why you left Cloudmark just after it became > > profitable. To me, that sounds shady... Additionally, Cloudmark is a privately held company so either you guessed that they were profitable or an employee with a loose tongue unwittingly disclosed that information to you against their employment contract. > > -- > > Kristian Erik Hermansen > > "I have no special talent. I am only passionately curious." > > > > > > -- > Kristian Erik Hermansen > "I have no special talent. I am only passionately curious." > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists