Dailydave mailing list archives
This guy cracks me up.
From: "johnny cache" <johnycsh () gmail com>
Date: Tue, 5 Sep 2006 15:33:58 -0700
So, anyone else out there think im an idiot doing a dis-service to the entire computer security industry?
Since you asked... "Idiot" is a _little_ harsh. You and DM have joined Eric Brandwine, Todd MacDermid, and to be fair, Dino Dai Zovi* on my very short list of "people who fucked me out of precious Black Hat Briefings time by misrepresenting their talk", and I _really_ didn't appreciate that.
What useful info did you present? I can summarize it in a small number of bytes without forking out thousands of dollars and flying to Vegas: "wifi drivers are porrly written. I can exploit them - trust me. Here's a home video of David supposedly doing it." Had I known, I'd have watched Kevin Mandia's incident response talk.
Sorry to hear you didn't get much out of my talk. although no one thinks this is nearly as cool as this code execution stuff, I did spend quite a lot (say half?) of the time speaking about fingerprinting 802.11 device drivers. The reason being if you have a wifi device driver exploit, knowing the device driver and or driver version is very important. If anyone is interested in this, I am looking for beta testers for the code. Shoot me an email. I should emphasize that this code is not easy to use, and will not pop up a cool display showing all the cards in the area and their device drivers. Emphasis on beta.
I save some blame for Jeff Moss for approving your non-presentation. After the Fnord kmod fiasco he promised that there would never again be talks where the code or information was unavailable. Oops.
I amjust not sure what people want. Have you ever been to a talk at any conference that was just a walk through of a single bug? There are places that you can go to get this, and it's generally called training, not a talk. We also spent some time talking about how to write a fuzzers. Since the last thing I want to do right now is find any more device driver bugs, here's a copy of the lastest svn of airbase. It contains fuzz-e in the tools directory. Consider it compensation for wasting your time during BH. Anyone else who wants a slice of the wonderful wi-fi device driver bug pie no longer even needs to write code. They just need to get lucky running mine, and dig into some crash dumps. Just don't expect any tech support. It's a bitch to set up. http://www.802.11mercenary.net/~johnycsh/prone_to_deletion/airbase-svn-84.tar.gz -jc _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: This guy cracks me up., (continued)
- Re: This guy cracks me up. MindsX (Sep 03)
- Re: This guy cracks me up. dan (Sep 03)
- Re: This guy cracks me up. Dave Aitel (Sep 04)
- Re: This guy cracks me up. Bob Mahoney (Sep 04)
- Message not available
- Re: This guy cracks me up (OS X Hacks) Bob Mahoney (Sep 05)
- Message not available
- Re: This guy cracks me up (OS X Hacks) Bob Mahoney (Sep 05)
- Re: This guy cracks me up. MindsX (Sep 03)
- Re: This guy cracks me up. Jamie Riden (Sep 04)
- Re: This guy cracks me up. Bill Weiss (Sep 05)
- Re: This guy cracks me up. Daniel (Sep 06)