RE: remote kernel exploits?

[isergevsky () hushmail com (isergevsky () hushmail com)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



> If this group of coders el8 (yes, I heard about them before - I
> remember
> somebody got the wu-ftpd 2.6.2 exploit from them a few weeks be
> fore it was
> released) would have such type of exploits than it's only a mat
> her of weeks
> before it's gonna show up.

Not everybody cares about disclosing bugs as you SURELY don't know. The ~el8 team are supporters/initiators of 'Project 
Mayhem', an underground movement trying to bring the internet to its knees. They will not disclose such thing. 
Ac1dB1tch3z are aswell supporting this movement.

> Since they're underground they're probably not looking for mone
> y but fame (if
> they really want to steal cc information all they have to do is
> search google
> for orders.dbf cart32.exe and God knows what other insecure web
> cart
> releases.). So if they're looking for fame they will probably r
> elease in a
> few weeks or so some kind of exploit (with something like "wors
> hip us 'cauze
> we are the gods of coding" in the coments).
Hahahaha! Not *EVERYBODY* cares about hacking into pr0n websites to grab warrez. Besides, these guys seem to have more 
skill than u can imagine and they don't care about YOU or other kiddies like you 'worship' them or not. Disclosing such 
a bug (if it exists) would mean TOTAL HAVOC on InterNet structure.

> Yes, it's true that a kernel exploit would pass firewalls becau
> se 99% of
> firewalls are based on kernel. But i don't think that it would
> be the end of
> the world. Because the reason we love open-source is the speed
> of patching
> it. And if it's gonna be an exploit, there's certanly gonna be
> a patch for
> it. Apache, OpenSSH, OpenSSL are all widespread services yet th
> ey all have
> been vulnerable... we survived. We're still here... my server's
> are still not
> compromised... So have no fear cause "In open-source we trust"
>
> --

> -------------------
> Proud member of PentaGuard
> "Making the net a safer place since 1998"
Let me laugh my ass off, please! Since when does PentaGuard care about security? Last time i checked you guys were a 
lame defacing group using IIS 4.0 exploits to own .mil sites. As people found out that the bug exists (after 1 year 
since it was posted on bugtraq) your group's activity was reduced to zero. You have no clue about the scene or *nix. 
Please, dont make a fool out of yourself and shut up.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wl8EARECAB8FAj2Ck/MYHGlzZXJnZXZza3lAaHVzaG1haWwuY29tAAoJEMfRnqqodk8T
SwkAn068ZgxaYV2d14L0MZE1Dc//+WiaAKCMeolS1wwqZsdG1PFizSPlQe7+cg==
=aphN
-----END PGP SIGNATURE-----




Get your free encrypted email at https://www.hushmail.com