So.. im confused.. Is there actually a 'sploit in the wild then, or is this all bs?
On Tue, Oct 26, 2010 at 6:56 PM, Christian Sciberras <[email protected]>wrote: > > Why don't you all STFU and go play with your little IRC bots! > > > > > I was wondering, did anyone actually miss the point? > Over and out. > > > > > > On Mon, Oct 18, 2010 at 11:10 AM, Christian Sciberras <[email protected]> > wrote: > > > > Why don't you all STFU and go play with your little IRC bots! > > > > > > > > > > On Mon, Oct 18, 2010 at 11:08 AM, PsychoBilly <[email protected]> > wrote: > >> > >> Anyways... > >> > http://images.encyclopediadramatica.com/images/thumb/e/ed/Internet_business.jpg/569px-Internet_business.jpg > >> > >> [[ Andrew Auernheimer ]] @ [[ 18/10/2010 10:58 > ]]-------------------------------------------------- > >> > ---------- Forwarded message ---------- > >> > From: Andrew Auernheimer <[email protected]> > >> > Date: Mon, 18 Oct 2010 04:51:59 -0400 > >> > Subject: Re: ipv6 flaw > >> > To: [email protected] > >> > Cc: Eugene Teo <[email protected]> > >> > > >> > Dear ZDnet, > >> > > >> > This story: > http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htm > >> > is someone talking straight out of their ass. We have no such > >> > exploit, If we did have such an exploit, there is absolutely no way we > >> > would share it with external parties. Not 4chan, not anyone. Due to > >> > the immense success and resiliency of the Linux platform, a 0-day > >> > kernel remote is worth serious money ($100k+ if you know the right > >> > buyers), and we would have given it to the highest bidder or put it on > >> > Bugtraq for maximum industry publicity. We would not have given it > >> > away for free to ineffectual idiots in their moms basements who aren't > >> > accomplishing anything. > >> > > >> > Beyond that, many of my closest friends make their living off of > >> > intellectual property. I do not support defacement and DDoS as a > >> > method of protest against anything, especially not a childish protest > >> > against copyright. Authors have a right to charge however much they > >> > please for their creative works. The people involved with these DDoS > >> > attacks and web site defacements need to grow up and do something > >> > useful with their lives. > >> > > >> > This article is ridden with a number of verifiably false errors. I'm > >> > sure a quick talk with Eugene from the Red Hat Linux corporation (he > >> > is cc'd to this email) could get you in touch with Linus who could > >> > confirm that no such communication with us ever existed. In addition, > >> > while I am probably one of the most skilled web application and > >> > browser exploit hackers in the world, I do not do kernel bugs. I have > >> > never done kernel work, with the exception of some stuff I did years > >> > ago related to Mac OS X kext. Every single bit of my previous public > >> > research has been related to a web browser bug or a web application > >> > bug. If someone in Goatse Security were to be involved with the > >> > creation of a kernel-related exploit, it would not be me. > >> > > >> > Lastly, my contact info is amazingly public. I was awake and checking > >> > my email when your story was posted, and for the 11 or so hours > >> > preceeding it. I have also talked with reporters at ZDnet previously, > >> > including ZDnet Australia. So the next time you have the urge to print > >> > libelous, sensational misinformation defaming both the integrity of my > >> > information security working group and the security of Linux, please > >> > give me an e-mail or phonecall first. The contact info is on the > >> > Goatse Security website. I should be informed of this stuff by your > >> > "journalists" (who are supposed to do things such as contact parties > >> > involved in a suspect claim from a random anonymous idiot on the > >> > Internet) and not someone from a major software vendor. > >> > > >> > Thanks, > >> > weev > >> > > >> > On Mon, Oct 18, 2010 at 2:35 AM, Eugene Teo <[email protected]> > wrote: > >> >> > >> >> Hi Weev, > >> >> > >> >> I read a ZDNet news report that you have discovered a Linux kernel > vulnerability, and I am wondering if you will be willing to share the > technical details of the flaw. > >> >> > >> >> > http://www.zdnet.com.au/4chan-finds-linux-kernel-flaw-for-attacks-339306657.htm > >> >> > >> >> Thanks, Eugene > >> >> -- > >> >> Eugene Teo / Red Hat Security Response Team > >> > > >> > _______________________________________________ > >> > Full-Disclosure - We believe in it. > >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >> > Hosted and sponsored by Secunia - http://secunia.com/ > >> > >> _______________________________________________ > >> Full-Disclosure - We believe in it. > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >> Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Cal Leeming Operational Security & Support Team *Out of Hours: *+44 (07534) 971120 | *Support Tickets: * [email protected] *Fax: *+44 (02476) 578987 | *Email: *[email protected] *IM: *AIM / ICQ / MSN / Skype (available upon request) Simplicity Media Ltd. All rights reserved. Registered company number 7143564
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
