lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTikbqinHLBCtKS6MhC7x0qGZCtOcbjCnZa1TtmXH@mail.gmail.com> Date: Tue, 26 Oct 2010 19:56:32 +0200 From: Christian Sciberras <uuf6429@...il.com> To: PsychoBilly <zpamh0l3@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Fwd: ipv6 flaw (is bullshit) > Why don't you all STFU and go play with your little IRC bots! I was wondering, did anyone actually miss the point? Over and out. On Mon, Oct 18, 2010 at 11:10 AM, Christian Sciberras <uuf6429@...il.com> wrote: > > Why don't you all STFU and go play with your little IRC bots! > > > > > On Mon, Oct 18, 2010 at 11:08 AM, PsychoBilly <zpamh0l3@...il.com> wrote: >> >> Anyways... >> http://images.encyclopediadramatica.com/images/thumb/e/ed/Internet_business.jpg/569px-Internet_business.jpg >> >> [[ Andrew Auernheimer ]] @ [[ 18/10/2010 10:58 ]]-------------------------------------------------- >> > ---------- Forwarded message ---------- >> > From: Andrew Auernheimer <gluttony@...il.com> >> > Date: Mon, 18 Oct 2010 04:51:59 -0400 >> > Subject: Re: ipv6 flaw >> > To: edit@...et.com.au >> > Cc: Eugene Teo <eugene@...hat.com> >> > >> > Dear ZDnet, >> > >> > This story: http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htm >> > is someone talking straight out of their ass. We have no such >> > exploit, If we did have such an exploit, there is absolutely no way we >> > would share it with external parties. Not 4chan, not anyone. Due to >> > the immense success and resiliency of the Linux platform, a 0-day >> > kernel remote is worth serious money ($100k+ if you know the right >> > buyers), and we would have given it to the highest bidder or put it on >> > Bugtraq for maximum industry publicity. We would not have given it >> > away for free to ineffectual idiots in their moms basements who aren't >> > accomplishing anything. >> > >> > Beyond that, many of my closest friends make their living off of >> > intellectual property. I do not support defacement and DDoS as a >> > method of protest against anything, especially not a childish protest >> > against copyright. Authors have a right to charge however much they >> > please for their creative works. The people involved with these DDoS >> > attacks and web site defacements need to grow up and do something >> > useful with their lives. >> > >> > This article is ridden with a number of verifiably false errors. I'm >> > sure a quick talk with Eugene from the Red Hat Linux corporation (he >> > is cc'd to this email) could get you in touch with Linus who could >> > confirm that no such communication with us ever existed. In addition, >> > while I am probably one of the most skilled web application and >> > browser exploit hackers in the world, I do not do kernel bugs. I have >> > never done kernel work, with the exception of some stuff I did years >> > ago related to Mac OS X kext. Every single bit of my previous public >> > research has been related to a web browser bug or a web application >> > bug. If someone in Goatse Security were to be involved with the >> > creation of a kernel-related exploit, it would not be me. >> > >> > Lastly, my contact info is amazingly public. I was awake and checking >> > my email when your story was posted, and for the 11 or so hours >> > preceeding it. I have also talked with reporters at ZDnet previously, >> > including ZDnet Australia. So the next time you have the urge to print >> > libelous, sensational misinformation defaming both the integrity of my >> > information security working group and the security of Linux, please >> > give me an e-mail or phonecall first. The contact info is on the >> > Goatse Security website. I should be informed of this stuff by your >> > "journalists" (who are supposed to do things such as contact parties >> > involved in a suspect claim from a random anonymous idiot on the >> > Internet) and not someone from a major software vendor. >> > >> > Thanks, >> > weev >> > >> > On Mon, Oct 18, 2010 at 2:35 AM, Eugene Teo <eugene@...hat.com> wrote: >> >> >> >> Hi Weev, >> >> >> >> I read a ZDNet news report that you have discovered a Linux kernel vulnerability, and I am wondering if you will be willing to share the technical details of the flaw. >> >> >> >> http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htm >> >> >> >> Thanks, Eugene >> >> -- >> >> Eugene Teo / Red Hat Security Response Team >> > >> > _______________________________________________ >> > Full-Disclosure - We believe in it. >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> > Hosted and sponsored by Secunia - http://secunia.com/ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists