Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Talk in #grsecurity
From: Joshua Brindle <method () gentoo org>
Date: Fri, 26 Mar 2004 14:46:16 -0600

I was there and the conversation most certainly happened, in fact you can see when i joined in the pasted converstation.

The reason the conversation was posted is because this is full disclosure where I assume at least the majority of people actually believe in full disclosure and people keeping vulnerabilities secret isn't exactly kosher. This in particular is what i'm refering to

[22:40] <BlackNet> how many do you have that's not released?
[22:41] <spender> 2 for exec-shield
[22:41] <spender> 3 for systrace
[22:41] <spender> 1 for DTE
[22:41] <spender> ~10 for LIDS
[22:42] <BlackNet> that's alot
[22:42] <spender> oh
[22:42] <spender> 3 i think for linsec
[22:43] <BlackNet> all of these are non-reported?
[22:43] <spender> correct

So I ask grsecurity fans, why would you run the software of someone no better than the people trying to crack your machine? This is not responsible behaviour and shows a clear disregard for security and safety of others.

Joshua Brindle

andrewg () d2 net au wrote:
The point of the previous post was to point out that people shouldn't
believe anything posted until other people in the conversation agree that
it happened and/or make a statement about it.

--> http://www.angelfire.com/electronic/bodhidharma/mu.html

Just to let everyone know I am awaiting these exploits
to be released to the respected parties in due time or an apology for
falsifying these claims.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]