Open Source and information security mailing list archives
 
Message-ID: <AANLkTi=NxdOZa0Ma+6KEfZ99UEANw8+97fzuuSeTbHvw@mail.gmail.com>
Date: Mon, 18 Oct 2010 04:58:58 -0400
From: Andrew Auernheimer <gluttony@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Fwd: ipv6 flaw (is bullshit)

---------- Forwarded message ----------
From: Andrew Auernheimer <gluttony@...il.com>
Date: Mon, 18 Oct 2010 04:51:59 -0400
Subject: Re: ipv6 flaw
To: edit@...et.com.au
Cc: Eugene Teo <eugene@...hat.com>

Dear ZDnet,

This story: http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htm
is someone talking straight out of their ass. We have no such
exploit. If we did have such an exploit, there is absolutely no way we
would share it with external parties. Not 4chan, not anyone. Due to
the immense success and resiliency of the Linux platform, a 0-day
kernel remote is worth serious money ($100k+ if you know the right
buyers), and we would have given it to the highest bidder or put it on
Bugtraq for maximum industry publicity. We would not have given it
away for free to ineffectual idiots in their moms' basements who aren't
accomplishing anything.

Beyond that, many of my closest friends make their living off of
intellectual property. I do not support defacement and DDoS as a
method of protest against anything, especially not a childish protest
against copyright. Authors have a right to charge however much they
please for their creative works. The people involved with these DDoS
attacks and web site defacements need to grow up and do something
useful with their lives.

This article is ridden with a number of verifiably false errors. I'm
sure a quick talk with Eugene from the Red Hat Linux corporation (he
is cc'd to this email) could get you in touch with Linus who could
confirm that no such communication with us ever existed. In addition,
while I am probably one of the most skilled web application and
browser exploit hackers in the world, I do not do kernel bugs. I have
never done kernel work, with the exception of some stuff I did years
ago related to Mac OS X kext. Every single bit of my previous public
research has been related to a web browser bug or a web application
bug. If someone in Goatse Security were to be involved with the
creation of a kernel-related exploit, it would not be me.

Lastly, my contact info is amazingly public. I was awake and checking
my email when your story was posted, and for the 11 or so hours
preceding it. I have also talked with reporters at ZDnet previously,
including ZDnet Australia. So the next time you have the urge to print
libelous, sensational misinformation defaming both the integrity of my
information security working group and the security of Linux, please
give me an e-mail or phone call first. The contact info is on the
Goatse Security website. I should be informed of this stuff by your
"journalists" (who are supposed to do things such as contact parties
involved in a suspect claim from a random anonymous idiot on the
Internet) and not someone from a major software vendor.

Thanks,
weev

On Mon, Oct 18, 2010 at 2:35 AM, Eugene Teo <eugene@...hat.com> wrote:
>
> Hi Weev,
>
> I read a ZDNet news report that you have discovered a Linux kernel vulnerability, and I am wondering if you will be willing to share the technical details of the flaw.
>
> http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htm
>
> Thanks, Eugene
> --
> Eugene Teo / Red Hat Security Response Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
