Message-ID: <BANLkTim4ye-R6OBRAnDEsQfwyBTEEgeYjA@mail.gmail.com>
Date: Fri, 29 Apr 2011 13:34:44 +1000
From: "-= Glowing Doom =-" <secn3t@...il.com>
To: ichib0d crane <themadichib0d@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Insect Pro - Advisory 2011 0428 - Zero Day -
 Heap Buffer Overflow in xMatters APClient

I'm with ya there, Insect is a joke... I mean, open src tools, sure, we can
use those... but a non open src, non free tool being posted AT ALL
surprises me.. so, why beat up on him? Your lame app missed shit, simple..
Even if you're a good coder, does not mean YOUR product will 'rule'.
Sorry, but ichib0d is in the right; he should -not- be flamed for his
willingness to participate in something which most listers agree with..
You're the minority here, sherlock.. trying to sell an app on FD... what's
next!
xd


On 29 April 2011 08:22, ichib0d crane <themadichib0d@...il.com> wrote:

> Any reason for the hostility? The Nigerian thing was ages ago and out
> of curiosity, and I don't see how my choice of school is relevant in
> the situation. Where's this six month deal coming from and when did I
> ever say I even counted myself as a hacker?
>
> All I'm saying is InsectPro did poor documentation and poor
> investigation into the "vulnerability".
>
> On Thu, Apr 28, 2011 at 3:11 PM, ghost <ghosts@...il.com> wrote:
> > So in 6 short months you've become a master hacker, huh Gage? All that
> > reporting "Nigerian scammers" really put you to the top of the hacker
> > echelon? Or is it 'cause you finally got a piece of paper as
> > "recognition" from your little school?
> >
> > In short; Shut the fuck up and go play in traffic, kid.
> >
> >
> > On Thu, Apr 28, 2011 at 2:39 PM, ichib0d crane <themadichib0d@...il.com> wrote:
> >> This isn't a zero day. This is a vulnerability. Being able to crash
> >> the system is nothing compared to the effort needed to actually write
> >> the exploit. What function is the heap overflow in? Did you guys even
> >> bother to find out? How do I know this is even a heap overflow? Heck,
> >> you couldn't even overwrite a single register! How effective are
> >> standard mitigations on the target? Are there even any? (If there isn't
> >> and you couldn't overwrite a single reg, there's something wrong with
> >> you.)
> >>
> >> Cool fuzz story bro, tell it again, but a quick fuzz doesn't drop zero
> >> days. A smart exploit WRITER drops zero days.
> >>
> >> Come back once you stop being an amateur.
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >
>
