lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 14 Mar 2014 15:54:14 -0300
From: Alfredo Ortega <>
Subject: Re: Google vulnerabilities with PoC

Oh and this guy Shadown seems pretty knowledgeable too.

BTW now I have to read what is this about,lets see...

Alright, from TFA:

"That means that a door was open for anyone to upload any file of
choice. Whether this is a security vulnerability or not, I will leave
that to your discretion"

Not even you are sure this is a real vulnerability. It is not.

On 03/14/2014 03:36 PM, Alfredo Ortega wrote:
> Mario has years of experience (more than 10 in fact) in exploit writing
> and vulnerability assessment. I would consider his position on the subject.
> If you don't believe me, Argentina extended me certifications that
> proves that I can tell who has vulnerability assesment skills and who
> does not.
> If you don't believe in Argentina, you should know the ONU accepts it as
> a sovereign independent country.
> That is the complete certificate chain proving you that Mario is not an
> idiot as you inferred.
> Best regards,
> Alfred
> On 03/14/2014 10:50 AM, Sergio 'shadown' Alvarez wrote:
>> Dear Nicholas Lemonias,
>> I don't use to get in these scrapy discussions, but yeah you are in a completetly different level if you compare yourself with Mario.
>> You are definitely a Web app/metasploit-user guy and pick up a discussion with a binary and memory corruption ninja exploit writter like Mario. You should know your place and shut up. Period.
>> Btw, if you dare discussing with a beast like lcamtuf, you are definitely out of your mind.
>> Cheers,
>>   Sergio.
>> -- Sergio
>> On Mar 14, 2014, "Nicholas Lemonias." <> wrote:
>>> We are on a different level perhaps. We do certainly disagree on those
>>> points.
>>> I wouldn't hire you as a consultant, if you can't tell if that is a
>>> valid
>>> vulnerability..

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists