Ola Couldn't agree more, if indeed such a exploit (and therefor a bug) exist it must be brought to the surface. Maybe notifying our friends at honeypots@ would be a good idea, finding ways to detect such a attack. Joep -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi again A number of people have pointed out to me that ~el8 is a group, not an individual. My bad on that point. It's also apparent that many are afraid to stick their necks out when mentioning this group, judging by the number of emails sent to me that weren't CC'd to the lists. I really don't understand what the problem is. Isn't it in our best interests to openly discuss these remote kernel vulnerabilities? Or is everyone content with this group of kids being able to gain access to almost anything they choose just because of someone's choice of operating system? And what kind of researcher would've given them these tools before notifying the rest of us anyway? I really think it's time to let the cat out of the bag on this issue. It's been reported to me that if the vulnerability rumours are true, then even most firewall setups would be completely futile. So am I just supposed to remain quiet about this like everyone else and hope I'm not attacked? My friend told me that there is no guarantee that any source tree fixes actually fix the bugs that these kids have access to. So in other words, unless one of these brats comes forward or the irresponsible security professional who was reckless with the information, we can never be sure that we have an operating system with these bugs fixed. If they don't deface websites with these exploits, then what do they do? Steal credit card information? Makes little difference to my argument. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Fri Sep 13 2002 - 02:20:42 PDT