Full Disclosure mailing list archives

for the record... (Tru64 / Compaq)


From: full-disclosure () lists netsys com (KF)
Date: Wed, 31 Jul 2002 20:01:07 -0700

I can't seem to get this to bugtraq ... darn mime types keep barking at
me... someone wanna forward it.
-KF

  ----- Original Message -----
  From: KF
  To: full-disclosure () lists netsys com ; bugtraq () securityfocus com ; recon () snosoft com
  Sent: Wednesday, July 31, 2002 7:42 PM
  Subject: [Full-disclosure] for the record... (Tru64 / Compaq)


  http://www.msnbc.com/news/788216.asp?0dm=T14JT

  Clarke cautioned that hackers should be responsible in reporting
  programming mistakes. A hacker should contact the software maker first,
  he said, then go to the government if the software maker does not
  respond soon.

  ------------------------------------


  For the record... we contacted HP (at the time Compaq), and CERT
  several times. I attached the original version of our su exploit (not
  the one that phased leaked) to NIPC and to CERT BOTH. We received an
  extremely long delay at CERT before they even responded. At that point I
  called CERT 2 times to see what the heck was going on and eventually I
  established contact (Ian Finley). I also mailed nipc.watch () nipc gov or
  whatever the email address on their page was. They didn't mail back ...
  no auto responder or nothing. (I mailed them back weeks later and said I
  was shocked that I got no response and still got nothing back). I then
  called the NIPC hotline 3 times. The first 2 times I called I spoke to
  someone that should have been flopping whoppers "uhhhh a non-executable
  computer security what... let me send you to so and so's voicemail".
  Then I called back a week later and gave them the CERT vu numbers (after
  CERT finally responded). I left my cell phone number on someone's
  voicemail again at NIPC... no one called me back.

  I deeply regret the fact that one of my team members plagiarized
  another and leaked some code but my god people WE TRIED to give SEVERAL
  people a heads up!

  -KF


   


