Full Disclosure mailing list archives
Re: owning ubuntu apt-key net-update (maybe apt-get update related)
From: Georgi Guninski <guninski () guninski com>
Date: Sun, 25 Sep 2011 12:29:59 +0300
On Sat, Sep 24, 2011 at 07:49:19AM +1000, GloW - XD wrote:
Aha, sounds like typical (unfortunately), the case of the 'sads' on Ubuntus behalf. This is what unfortunately stops somany people from reporting, just that BIT of acknowledgemnt, even just a thanks on theyre webpage, but instead they people think "oh well, this guy has probably raped 5000 boxes then given us this" , it must be the approach of some companies, or they have very pathetic secteams, (in ubuntus cause, -no comment rofl). anyhow thx for clearing that up. cheers, xd
10x. btw, there is strange behaviour with colliding gpg key IDs. the first one totally shadows the second one, which might potentially be exploitable. a possible scenario might be to trick the user to import the forged key ID first. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- owning ubuntu apt-key net-update (maybe apt-get update related) Georgi Guninski (Sep 22)
- Re: owning ubuntu apt-key net-update (maybe apt-get update related) Georgi Guninski (Sep 22)
- Re: owning ubuntu apt-key net-update (maybe apt-get update related) Georgi Guninski (Sep 22)
- Re: owning ubuntu apt-key net-update (maybe apt-get update related) GloW - XD (Sep 22)
- Re: owning ubuntu apt-key net-update (maybe apt-get update related) Georgi Guninski (Sep 23)
- Re: owning ubuntu apt-key net-update (maybe apt-get update related) GloW - XD (Sep 23)
- Re: owning ubuntu apt-key net-update (maybe apt-get update related) Georgi Guninski (Sep 25)
- Re: owning ubuntu apt-key net-update (maybe apt-get update related) GloW - XD (Sep 22)