lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 18 Oct 2010 16:17:25 -0400
From: Andrew Auernheimer <gluttony@...il.com>
To: king of pain <n3ptun3@...don.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: ipv6 flaw (is bullshit)

FYI---

the prosecution has refused to comply with discovery, effectively quietly
droppin the charges. I walk.

On Mon, Oct 18, 2010 at 3:35 PM, king of pain <n3ptun3@...don.com> wrote:

> Mr. Auernheimer,
>
> ..."Notions of criminal activity"[1]. Interesting. ZDNet is funded by sheep
> dumb enough to swallow retweeted blogcruft on shiny magazine stock. Why
> don't you represent yourself in a court if it's so libelous? And also if you
> do in fact have a brand you should register a trademark or servicemark to
> protect your rights.
>
> How's that narcotics case coming along? 4 felonies was it?You claim you
> hacking iPads is a free speech case and, after all your bragging of
> substance abuse on the iProphet video, you suggest you may not hold
> culpability for this possession of this contraband because of your "landmark
> free speech case"? [2]
>
> Enjoy Prison.
>
> ZDNet,
>
>   http://seclists.org/fulldisclosure/2010/Mar/84
>
> You people at zdnet are also part of the problem. You are just another hack
> clogging the tubes with your spam and cruft. We don't need 50 news sources
> with identical content - you just get into blackhat spamwars with
> sensational article titles, topics on Google News and Magazine covers to get
> people to buy. You're a dying a breed. For christ sakes, instead of being a
> bunch of pretentious losers in thick rimmed glasses trying to hit on
> attention whores who don't put out. What is the matter with you.
>
>
> Evidence:
>
> [1] AUERNHEIMER, ANDREW. weev loves you. 2010-10-18. URL:
> http://weev.livejournal.com/. Accessed: 2010-10-18. (Archived by WebCite®at http://www.webcitation.org/5tZu573jE)<http://www.webcitation.org/5tZu573jE>
> [2] AUERNHEIMER, ANDREW. Hypocrites and pharisees. 2010-10-18. URL:
> http://security.goatse.fr/hypocrites-and-pharisees. Accessed: 2010-10-18. (Archived
> by WebCite® at http://www.webcitation.org/5tZuhmpYn)<http://www.webcitation.org/5tZuhmpYn>
>  <http://www.webcitation.org/5tZu573jE>
>
>  -----Original Message-----
> From: Andrew Auernheimer <gluttony@...il.com>
> To: full-disclosure@...ts.grok.org.uk
> Sent: Mon, Oct 18, 2010 8:58 am
> Subject: [Full-disclosure] Fwd: ipv6 flaw (is bullshit)
>
>  ---------- Forwarded message ----------
>
>
> From: Andrew Auernheimer <gluttony@...il.com>
>
>
> Date: Mon, 18 Oct 2010 04:51:59 -0400
>
>
> Subject: Re: ipv6 flaw
>
>
> To: edit@...et.com.au
>
>
> Cc: Eugene Teo <eugene@...hat.com>
>
>
>
>
> Dear ZDnet,
>
>
>
>
> This story: http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htm
>
>
>  is someone talking straight out of their ass. We have no such
>
>
> exploit, If we did have such an exploit, there is absolutely no way we
>
>
> would share it with external parties. Not 4chan, not anyone. Due to
>
>
> the immense success and resiliency of the Linux platform, a 0-day
>
>
> kernel remote is worth serious money ($100k+ if you know the right
>
>
> buyers), and we would have given it to the highest bidder or put it on
>
>
> Bugtraq for maximum industry publicity. We would not have given it
>
>
> away for free to ineffectual idiots in their moms basements who aren't
>
>
> accomplishing anything.
>
>
>
>
> Beyond that, many of my closest friends make their living off of
>
>
> intellectual property. I do not support defacement and DDoS as a
>
>
> method of protest against anything, especially not a childish protest
>
>
> against copyright. Authors have a right to charge however much they
>
>
> please for their creative works. The people involved with these DDoS
>
>
> attacks and web site defacements need to grow up and do something
>
>
> useful with their lives.
>
>
>
>
> This article is ridden with a number of verifiably false errors. I'm
>
>
> sure a quick talk with Eugene from the Red Hat Linux corporation (he
>
>
> is cc'd to this email) could get you in touch with Linus who could
>
>
> confirm that no such communication with us ever existed. In addition,
>
>
> while I am probably one of the most skilled web application and
>
>
> browser exploit hackers in the world, I do not do kernel bugs. I have
>
>
> never done kernel work, with the exception of some stuff I did years
>
>
> ago related to Mac OS X kext. Every single bit of my previous public
>
>
> research has been related to a web browser bug or a web application
>
>
> bug. If someone in Goatse Security were to be involved with the
>
>
> creation of a kernel-related exploit, it would not be me.
>
>
>
>
> Lastly, my contact info is amazingly public. I was awake and checking
>
>
> my email when your story was posted, and for the 11 or so hours
>
>
> preceeding it. I have also talked with reporters at ZDnet previously,
>
>
> including ZDnet Australia. So the next time you have the urge to print
>
>
> libelous, sensational misinformation defaming both the integrity of my
>
>
> information security working group and the security of Linux, please
>
>
> give me an e-mail or phonecall first. The contact info is on the
>
>
> Goatse Security website. I should be informed of this stuff by your
>
>
> "journalists" (who are supposed to do things such as contact parties
>
>
> involved in a suspect claim from a random anonymous idiot on the
>
>
> Internet) and not someone from a major software vendor.
>
>
>
>
> Thanks,
>
>
> weev
>
>
>
>
> On Mon, Oct 18, 2010 at 2:35 AM, Eugene Teo <eugene@...hat.com> wrote:
>
>
> >
>
>
> > Hi Weev,
>
>
> >
>
>
> > I read a ZDNet news report that you have discovered a Linux kernel
>
>
> vulnerability, and I am wondering if you will be willing to share the technical
>
>
> details of the flaw.
>
>
> >
>
>
> > http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htm
>
>
> >
>
>
> > Thanks, Eugene
>
>
> > --
>
>
> > Eugene Teo / Red Hat Security Response Team
>
>
>
>
> _______________________________________________
>
>
>
> Full-Disclosure - We believe in it.
>
>
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>
>
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ