On Sat, Sep 24, 2011 at 07:49:19AM +1000, GloW - XD wrote: > Aha, sounds like typical (unfortunately), the case of the 'sads' on Ubuntus > behalf. > This is what unfortunately stops somany people from reporting, just that > BIT of acknowledgemnt, even just a thanks on theyre webpage, but instead > they people think "oh well, this guy has probably raped 5000 boxes then > given us this" , it must be the approach of some companies, or they have > very pathetic secteams, (in ubuntus cause, -no comment rofl). > anyhow thx for clearing that up. > cheers, > xd > >
10x. btw, there is strange behaviour with colliding gpg key IDs. the first one totally shadows the second one, which might potentially be exploitable. a possible scenario might be to trick the user to import the forged key ID first. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
