lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <487E6CBB.4080001@buanzo.com.ar>
Date: Wed, 16 Jul 2008 18:48:43 -0300
From: Arturo 'Buanzo' Busleiman <buanzo@...nzo.com.ar>
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk, Brad Spengler <spender@...ecurity.net>,
	dailydave@...ts.immunitysec.com
Subject: Re: Linux's unofficial security-through-coverup
 policy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Valdis.Kletnieks@...edu wrote:
| Similar reasoning applies to almost all uses of Linux in the embedded
| world - if you already have code running on the cell phone, there really
| isn't *anything* you can do by abusing something like the setldt() bug
| that you couldn't *already* do to the box.

I so agree! :) - It reminds me of an argentina group that released an "advisory" about a root
exploit... that required root privileges to be exploitable. I LOLed (and was embarrassed, too, I'm
an argentine) for a week.

- --
Arturo "Buanzo" Busleiman
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIfmy7AlpOsGhXcE0RCi41AJ48aEeDDCVH2ueY/9DGa3KmcCEaQgCfUmDN
TSAb2cS0yc+jv7McBoIwe0I=
=WmQg
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ