Full Disclosure mailing list archives
Re: Fwd: ipv6 flaw (is bullshit)
From: "Cal Leeming [Simplicity Media Ltd]" <cal.leeming () simplicitymedialtd co uk>
Date: Tue, 26 Oct 2010 19:01:03 +0100
So.. im confused.. Is there actually a 'sploit in the wild then, or is this all bs? On Tue, Oct 26, 2010 at 6:56 PM, Christian Sciberras <uuf6429 () gmail com>wrote:
Why don't you all STFU and go play with your little IRC bots!I was wondering, did anyone actually miss the point? Over and out. On Mon, Oct 18, 2010 at 11:10 AM, Christian Sciberras <uuf6429 () gmail com> wrote:Why don't you all STFU and go play with your little IRC bots! On Mon, Oct 18, 2010 at 11:08 AM, PsychoBilly <zpamh0l3 () gmail com>wrote:Anyways...http://images.encyclopediadramatica.com/images/thumb/e/ed/Internet_business.jpg/569px-Internet_business.jpg[[ Andrew Auernheimer ]] @ [[ 18/10/2010 10:58]]------------------------------------------------------------ Forwarded message ---------- From: Andrew Auernheimer <gluttony () gmail com> Date: Mon, 18 Oct 2010 04:51:59 -0400 Subject: Re: ipv6 flaw To: edit () zdnet com au Cc: Eugene Teo <eugene () redhat com> Dear ZDnet, This story:http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htmis someone talking straight out of their ass. We have no such exploit, If we did have such an exploit, there is absolutely no way we would share it with external parties. Not 4chan, not anyone. Due to the immense success and resiliency of the Linux platform, a 0-day kernel remote is worth serious money ($100k+ if you know the right buyers), and we would have given it to the highest bidder or put it on Bugtraq for maximum industry publicity. We would not have given it away for free to ineffectual idiots in their moms basements who aren't accomplishing anything. Beyond that, many of my closest friends make their living off of intellectual property. I do not support defacement and DDoS as a method of protest against anything, especially not a childish protest against copyright. Authors have a right to charge however much they please for their creative works. The people involved with these DDoS attacks and web site defacements need to grow up and do something useful with their lives. This article is ridden with a number of verifiably false errors. I'm sure a quick talk with Eugene from the Red Hat Linux corporation (he is cc'd to this email) could get you in touch with Linus who could confirm that no such communication with us ever existed. In addition, while I am probably one of the most skilled web application and browser exploit hackers in the world, I do not do kernel bugs. I have never done kernel work, with the exception of some stuff I did years ago related to Mac OS X kext. Every single bit of my previous public research has been related to a web browser bug or a web application bug. If someone in Goatse Security were to be involved with the creation of a kernel-related exploit, it would not be me. Lastly, my contact info is amazingly public. I was awake and checking my email when your story was posted, and for the 11 or so hours preceeding it. I have also talked with reporters at ZDnet previously, including ZDnet Australia. So the next time you have the urge to print libelous, sensational misinformation defaming both the integrity of my information security working group and the security of Linux, please give me an e-mail or phonecall first. The contact info is on the Goatse Security website. I should be informed of this stuff by your "journalists" (who are supposed to do things such as contact parties involved in a suspect claim from a random anonymous idiot on the Internet) and not someone from a major software vendor. Thanks, weev On Mon, Oct 18, 2010 at 2:35 AM, Eugene Teo <eugene () redhat com>wrote:Hi Weev, I read a ZDNet news report that you have discovered a Linux kernelvulnerability, and I am wondering if you will be willing to share the technical details of the flaw.http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htmThanks, Eugene -- Eugene Teo / Red Hat Security Response Team_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Cal Leeming Operational Security & Support Team *Out of Hours: *+44 (07534) 971120 | *Support Tickets: * support () simplicitymedialtd co uk *Fax: *+44 (02476) 578987 | *Email: *cal.leeming () simplicitymedialtd co uk *IM: *AIM / ICQ / MSN / Skype (available upon request) Simplicity Media Ltd. All rights reserved. Registered company number 7143564
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Fwd: ipv6 flaw (is bullshit) Andrew Auernheimer (Oct 18)
- Re: Fwd: ipv6 flaw (is bullshit) PsychoBilly (Oct 18)
- Re: Fwd: ipv6 flaw (is bullshit) Christian Sciberras (Oct 18)
- Re: Fwd: ipv6 flaw (is bullshit) Andrew Auernheimer (Oct 18)
- Re: Fwd: ipv6 flaw (is bullshit) Christian Sciberras (Oct 26)
- Re: Fwd: ipv6 flaw (is bullshit) Cal Leeming [Simplicity Media Ltd] (Oct 26)
- Re: Fwd: ipv6 flaw (is bullshit) Benji (Oct 26)
- Re: Fwd: ipv6 flaw (is bullshit) Christian Sciberras (Oct 18)
- Re: Fwd: ipv6 flaw (is bullshit) PsychoBilly (Oct 18)
- Re: Fwd: ipv6 flaw (is bullshit) Benji (Oct 18)
- Re: Fwd: ipv6 flaw (is bullshit) Andrew Auernheimer (Oct 18)
- Re: Fwd: ipv6 flaw (is bullshit) king of pain (Oct 18)
- Re: Fwd: ipv6 flaw (is bullshit) Andrew Auernheimer (Oct 18)
- Re: Fwd: ipv6 flaw (is bullshit) king of pain (Oct 18)
- Re: Fwd: ipv6 flaw (is bullshit) coderman (Oct 22)
- Re: Fwd: ipv6 flaw (is bullshit) Andrew Auernheimer (Oct 18)
- Re: Fwd: ipv6 flaw (is bullshit) Ana Kismet (Oct 19)
- <Possible follow-ups>
- Re: Fwd: ipv6 flaw (is bullshit) Michael Krymson (Oct 18)
- Re: Fwd: ipv6 flaw (is bullshit) batch stack (Oct 19)