Full Disclosure mailing list archives

RE: remote kernel exploits?


From: andy_mn () hushmail com (andy_mn () hushmail com)
Date: Thu, 12 Sep 2002 01:04:21 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi again

A number of people have pointed out to me that ~el8 is a group,
not an individual. My bad on that point. It's also apparent
that many are afraid to stick their necks out when mentioning
this group, judging by the number of emails sent to me that
weren't CC'd to the lists.

I really don't understand what the problem is. Isn't it in our
best interests to openly discuss these remote kernel
vulnerabilities? Or is everyone content with this group of
kids being able to gain access to almost anything they
choose just because of someone's choice of operating system? And
what kind of researcher would've given them these tools before
notifying the rest of us anyway? I really think it's time
to let the cat out of the bag on this issue.

It's been reported to me that if the vulnerability rumours are
true, then even most firewall setups would be completely futile.
So am I just supposed to remain quiet about this like everyone
else and hope I'm not attacked?

My friend told me that there is no guarantee that any source
tree fixes actually fix the bugs that these kids have access
to. So in other words, unless one of these brats comes forward
or the irresponsible security professional who was reckless
with the information, we can never be sure that we have an
operating system with these bugs fixed.

If they don't deface websites with these exploits, then what
do they do? Steal credit card information? Makes little
difference to my argument.


Why would all the good programmers be on the good side? You
really think there aren't groups out there that have outstanding
coding skills, that could make such exploits and find such
errors? I personally think, and know pretty sure, that there are
plenty of outstanding hackers out there that could make such
exploits and use them in such a way that it's not revealed to the
community.

"if the kids really did have such an exploit, you'd think they'd
tag their h4ndl3z all over high profile sites." who knows, but
don't be too sure ...

Cheers,

Joep Gommers


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlwEARECABwFAj2ATEYVHGFuZHlfbW5AaHVzaG1haWwuY29tAAoJEDRxILB1JtUKua4A
n2zEt4iQXOHQjnkHSc+HzvOp+DQKAKCv8JJ913AD+TLosGqLD2akiyPypA==
=Fudq
-----END PGP SIGNATURE-----



