Vulnerability Development mailing list archives
Re: Potential hole in Ettercap 0.6.2
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 04 Dec 2001 12:37:30 -0800
Michal Zalewski wrote:
> GOBBLES is a good, one-time joke gone annoying... This guy is certainly a good English speaker - the nature of "mistakes" made by him are not ones newbies do; people with poor English skills tend to translate idioms or grammar constructions literally, to use the incorrect meaning of a word, to use synonyms in their language that are not synonyms in English, to make _certain_ spelling mistakes and such. Actually, he either knows English very well (I guess better than me), or, more likely, is a native English speaker.
Which is frankly why the first couple of messages were let through. Long-time subscribers will be aware that I'm not opposed to a good joke on list now and then.
> He personally attacks AtStake, Alfred Huger and many other people,
Which is why I have a policy against personal attacks on the list. If I want someone's info on the list, and I can't tolerate their rants, I'll simply summarize their info myself. This is the first time I've had to do this in the over 2 years that the list has existed.
> so apparently has a good knowledge of the community. This might be a way for someone to disclose some less relevant findings and have some fun. One way or another, I can hardly say any of GOBBLES advisories so far had a real value. I must say I do not find this offensive style entertaining, and I do not perceive it as something clever. Anyone familiar with the Usenet should have a good idea what a troll is, and how to deal with it... GOBBLES posts are written exclusively to cause endless discussions, flame wars, unnecessary noise - or, to be short, to get some attention.
I'm certainly aware of what a troll is. BTW, pointing out that something is a troll is also feeding the trolls. :) The fact that something is a troll won't necessarily disqualify it for inclusion. It's pretty pointless to troll a moderated list. You generally just piss off the moderator, who is the one you have to get past.
> I hate to say so, but maybe it is time to ignore him? Instead of forwarding posts or excerpts or notification about yet another vulnerability in a discontinued line of scientific calculators, command-line buffer overflow / format string bug in a program that is not supposed to be setuid, claims that a failure to log authentication failure is a "remote root exploit", or an advisory on data leak as relevant to the security of your system as disclosing your system time or username by Sendmail in mail headers? I am not saying we should ignore valuable research if it does not conform to some "style guidelines", or that we should reject such very minor (and often unverified) bug reports if described in an acceptable manner, but if it does not have any value and lacks style, it is just sad.
Were this Bugtraq, the posts wouldn't be (and aren't) permitted. Since it's vuln-dev, I will allow some posts which I know (or think I know) aren't anything that can be exploited. I get surprised sometimes. Since we've spent a bit of time discussing *getty problems lately, it would be a bit inconsistent for me to just ignore the ettercap thing, since it appears to be just slightly more likely to have an exploitable scenario. Along those lines, I have taken a vote in the past and have had subscribers indicate that they wish to see bugs in non-suid programs. The volume gets a bit high, though. I'll probably have to start collecting summaries for all of the "x is vulnerable" posts, similar to what Bugtraq does sometimes. I can't do it exactly like that, since this is a discussion list. I will need to let through posts that are related, but not quite the same, more often.

BB