Full Disclosure mailing list archives
for the record... (Tru64 / Compaq)
From: full-disclosure () lists netsys com (KF)
Date: Wed, 31 Jul 2002 19:42:44 -0700
http://www.msnbc.com/news/788216.asp?0dm=T14JT

Clarke cautioned that hackers should be responsible in reporting programming mistakes. A hacker should contact the software maker first, he said, then go to the government if the software maker does not respond soon.

------------------------------------

For the record... we contacted HP (at the time Compaq), and CERT several times. I attached the original version of our su exploit (not the one that phased leaked) to NIPC and to CERT BOTH. We received an extremely long delay at CERT before they even responded. At that point I called CERT 2 times to see what the heck was going on and eventually I established contact (Ian Finley). I also mailed nipc.watch () nipc gov or whatever the email address on their page was. They didn't mail back ... no auto responder or nothing. (I mailed them back weeks later and said I was shocked that I got no response and still got nothing back). I then called the NIPC hotline 3 times. The first 2 times I called I spoke to someone that should have been flopping whoppers "uhhhh a non-executable computer security what... let me send you to so and so's voicemail". Then I called back a week later and gave them the CERT vu numbers (after CERT finally responded). I left my cell phone number on someone's voicemail again at NIPC... no one called me back.

I deeply regret the fact that one of my team members plagiarized another and leaked some code but my god people WE TRIED to give SEVERAL people a heads up!

-KF