Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Fwd: Re: [Full-Disclosure] for the record... (Tru64 / Compaq)

Fwd: Re: [Full-Disclosure] for the record... (Tru64 / Compaq)

From: John Scimone <sert_at_snosoft.com>
Date: Wed, 31 Jul 2002 20:23:23 +0000

kf wanted this sent on
-sert

---------- Forwarded Message ----------

Subject: Re: [Full-Disclosure] for the record... (Tru64 / Compaq)
Date: Wed, 31 Jul 2002 20:01:07 -0700
From: "KF" <dotslash_at_snosoft.com>
To: <full-disclosure_at_lists.netsys.com>

I can't seem to get this to bugtraq ... darn mime types keep barking at me...
 someone wanna forward it. -KF

  ----- Original Message -----
  From: KF
  To: full-disclosure_at_lists.netsys.com ; bugtraq_at_securityfocus.com ;
 recon_at_snosoft.com Sent: Wednesday, July 31, 2002 7:42 PM
  Subject: [Full-Disclosure] for the record... (Tru64 / Compaq)

  http://www.msnbc.com/news/788216.asp?0dm=T14JT

  Clarke cautioned that hackers should be responsible in reporting
 programming mistakes. A hacker should contact the software maker first, he
 said, then go to the government if the software maker does not respond soon.

  ------------------------------------

  For the record... we contacted HP(at the time Compaq), and CERT several
 times. I attached the original version of our su exploit (not the one that
 phased leaked) to NIPC and to CERT BOTH. We recieved an extremely long delay
 at CERT before they even responded. At that point I called CERT 2 times to
 see what the heck was going on and eventually I establish contact (Ian
 Finley). I also mailed nipc.watch_at_nipc.gov or whatever the email address on
 their page was. They didn't mail back ... no auto responder or nothing. ( I
 mailed the back weeks later and said I was shocked that I got no response
 and still got nothing back). I then called the NIPC hotline 3 times. The
 first 2 times I called I spoke to someone that should have been flopping
 whoppers "uhhhh a non-executable computer security what... let me send you
 to so and so's voicemail". Then I called back a week later and gave them the
 CERT vu numbers (after CERT finally responed). I left my cell phone number
 on someones voicemail again at NIPC... no one called me back.

  I deeply regret the fact that one of my team members plagerized another and
 leaked some code but my god people WE TRYED to give SEVERAL people a heads
 up!

  -KF

-------------------------------------------------------
Received on Aug 01 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos