Full Disclosure mailing list archives
Re: RE: Isecom.org ideahamster.org and the hackerhighschool.org
From: robert () dyadsecurity com
Date: Thu, 2 Dec 2004 12:00:37 -0800
your_momma () hushmail com(your_momma () hushmail com)@Thu, Dec 02, 2004 at 09:34:41AM -0800:
> is that, (IMHO) an sql injection flaw on a SECURITY SOFTWARE YOU RELEASED?
Just try getting alicorn installed, I dare you :). Alicorn doesn't work yet. Maybe this Friday's release will. The release you looked at was a prelim devel release that was noted to have security issues. Don't act like you're doing anyone any favors by pointing out something that was already documented to be true.
> SO, IT SEEMS YOU DON'T UNDERSTAND SECURITY, NEITHER SECURE DEVELOPMENT and all that you could offer us is "if you truly want security, please use selinux"????
It is inevitable that software modules will have mistakes. The unicornscan code is actually pretty well written from a security perspective, but I'm sure it will be shown to have a problem somewhere someday... though I notice you didn't bother to find one yet. If you do, please share. I am a fan of full disclosure as a rule ;). The real take away here though is that if you run software in a Discretionary Access Control model, you have no inherent security assurances. This is why we recommend using SE Linux, so you can enforce what the software is allowed to do in case it comes to light that there was a mistake made in the software module.
> So you want war.. you'll have war.
I don't want a war. To be honest, I've always thought you guys were pretty funny, if not a bit on the childish side. I appreciate your humor. What is annoying though is after I tried to reach out and make the peace with you, you've decided to resort to baseless personal attacks.
> a little retard, you know.. another script kiddie that broke isecom b0x.
Heh .. I hate the term script kiddie. It's overused and is most commonly used by people who aren't technical enough to be throwing around comments like that. Granted you didn't get root on the box... but that wasn't your point. Your point was to deliver a political blow against ISECOM by making it seem as though you fully compromised the website. That's actually a brilliant social hack, and I can appreciate that even if the technical details of the hack were a bit lame :).

In closing .. I mean you no harm. Please move on. It will only get ugly from here on.

Sincerely,
Robert

--
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html