Re: gimp sc, and evilness

["Christopher Abad" <aempirei () gmail com>]

This is a quite ridiculous series of emails that quickly turned south.
Someone should clear this up.

On Dec 13, 2007 12:48 AM, Kristian Erik Hermansen
<kristian.hermansen () gmail com> wrote:
> I don't appreciate people spreading false info about me.  If there is
> a problem, I would rather you say it to my face, in person, than
> behind my back.  I don't have a problem with you, but if you are
> "blackballing" me in the security community, then you and I have
> something to discuss...
>
>
> On Dec 12, 2007 12:20 PM, Kristian Erik Hermansen
>
> <kristian.hermansen () gmail com> wrote:
> > Hi Christopher,
> >
> > I do not mean to be shady at all.  The point of the exploit was not

I didnt call you shady. I LOLed a shady LOL.

"A LOL--A shady one"

> > original shellcode.  The point was creating a universal exploit for
> > Gimp on Windows which would also allow dynamic payload.  If you see,
> > the shellcode payload changes based on the user input for the URL.
> > Nothing new, but useful for demonstration purposes.  I perhaps should
> > have left the second line from the Metasploit output so that
> > attribution was taken.  I was not aware that shellcode output from msf
> > is intellectual property.  I have given Metasploit plenty of credit
> > when I thought necessary.  I even asked H D Moore to borrow some
> > images for a talk I did at the Ubuntu Live conference in Oregon this
> > year, which he personally allowed...
> >
> > http://www.kristian-hermansen.com/clonezilla/clonezilla.pdf
> >
> > I also tried to do MSF a favor for more exposure and get 3.0 into
> > Ubuntu's multiverse repository.  However, due to some nuances in the
> > MSF License, this was not possible.  I don't see why you think I am so
> > evil.  I do not mean to be.  I wish I could have made it to your
> > gathering of drinks at 20 GOTO 10 post-baysec, but I was still in
> > Boston.  I will try to meet up with you guys at the next baysec, and
> > you will see that I am not evil.  Of course, my background in security
> > is not as proficient as yours, and I have never been a CEO.  Although,
> > I am very familiar with all the companies you have lead.  I do,
> > however, wonder why you left Cloudmark just after it became
> > profitable.  To me, that sounds shady...

Additionally, Cloudmark is a privately held company so either you
guessed that they were profitable or an employee with a loose tongue
unwittingly disclosed that information to you against their employment
contract.

> > --
> > Kristian Erik Hermansen
> > "I have no special talent. I am only passionately curious."
>
>
>
> --
> Kristian Erik Hermansen
> "I have no special talent. I am only passionately curious."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/