| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4CBC0E7D.6090302@gmail.com> Date: Mon, 18 Oct 2010 11:08:13 +0200 From: PsychoBilly <zpamh0l3@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Fwd: ipv6 flaw (is bullshit) Anyways... http://images.encyclopediadramatica.com/images/thumb/e/ed/Internet_business.jpg/569px-Internet_business.jpg [[ Andrew Auernheimer ]] @ [[ 18/10/2010 10:58 ]]-------------------------------------------------- > ---------- Forwarded message ---------- > From: Andrew Auernheimer <gluttony@...il.com> > Date: Mon, 18 Oct 2010 04:51:59 -0400 > Subject: Re: ipv6 flaw > To: edit@...et.com.au > Cc: Eugene Teo <eugene@...hat.com> > > Dear ZDnet, > > This story: http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htm > is someone talking straight out of their ass. We have no such > exploit, If we did have such an exploit, there is absolutely no way we > would share it with external parties. Not 4chan, not anyone. Due to > the immense success and resiliency of the Linux platform, a 0-day > kernel remote is worth serious money ($100k+ if you know the right > buyers), and we would have given it to the highest bidder or put it on > Bugtraq for maximum industry publicity. We would not have given it > away for free to ineffectual idiots in their moms basements who aren't > accomplishing anything. > > Beyond that, many of my closest friends make their living off of > intellectual property. I do not support defacement and DDoS as a > method of protest against anything, especially not a childish protest > against copyright. Authors have a right to charge however much they > please for their creative works. The people involved with these DDoS > attacks and web site defacements need to grow up and do something > useful with their lives. > > This article is ridden with a number of verifiably false errors. I'm > sure a quick talk with Eugene from the Red Hat Linux corporation (he > is cc'd to this email) could get you in touch with Linus who could > confirm that no such communication with us ever existed. In addition, > while I am probably one of the most skilled web application and > browser exploit hackers in the world, I do not do kernel bugs. I have > never done kernel work, with the exception of some stuff I did years > ago related to Mac OS X kext. Every single bit of my previous public > research has been related to a web browser bug or a web application > bug. If someone in Goatse Security were to be involved with the > creation of a kernel-related exploit, it would not be me. > > Lastly, my contact info is amazingly public. I was awake and checking > my email when your story was posted, and for the 11 or so hours > preceeding it. I have also talked with reporters at ZDnet previously, > including ZDnet Australia. So the next time you have the urge to print > libelous, sensational misinformation defaming both the integrity of my > information security working group and the security of Linux, please > give me an e-mail or phonecall first. The contact info is on the > Goatse Security website. I should be informed of this stuff by your > "journalists" (who are supposed to do things such as contact parties > involved in a suspect claim from a random anonymous idiot on the > Internet) and not someone from a major software vendor. > > Thanks, > weev > > On Mon, Oct 18, 2010 at 2:35 AM, Eugene Teo <eugene@...hat.com> wrote: >> >> Hi Weev, >> >> I read a ZDNet news report that you have discovered a Linux kernel vulnerability, and I am wondering if you will be willing to share the technical details of the flaw. >> >> http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htm >> >> Thanks, Eugene >> -- >> Eugene Teo / Red Hat Security Response Team > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists