Hello Full Disclosure!! !! !!
Is like to warn you about George Guninski. Is cat is out is bag.
Guninski is lame
PoC
char lamur[] = "\xba\x1c\x00\x00\x00"
"\xb9\x00\x00\x00\x00"
"\xbb\x01\x00\x00\x00"
"\xb8\x04\x00\x00\x00"
"\xcd\x80\xb8\x01\x00"
I'm not contradicting myself at all - in fact, *you* are the exact type of
person I'm talking about. You couldn't give a rat's ass about the
industry or anyone but yourself. Nothing you have ever done has been
"valuable" to anyone other than you; it has been completely self-serving
egotistical bu
"Thor (Hammer of God)" wrote:
> I must not have articulated my point properly as it looks like we are both
> saying the same thing.
No, we still disagree.
> What I was trying to convey was that if a person was actually concerned
> about the "industry" as opposed to self-promotion and ego-substa
On Sun, 08 Jul 2012 14:07:52 +0200, "Stefan Kanthak" said:
> The "industry" will (typically) not fix any error if the cost for fixing
> exceeds the loss (or revenue) that this fix creates, including the vendors
> gain/loss of reputation, gain/loss of stock value, loss of money in court
> cases or d
On Sun, Jul 08, 2012 at 02:07:52PM +0200, Stefan Kanthak wrote:
> "Thor (Hammer of God)" wrote:
>
> | Content-Type: multipart/mixed; boundary="===0734760750=="
>
> Please stop posting anything but text/plain.
>
> > If you really care about the security of the industry, then submit i
"Thor (Hammer of God)" wrote:
| Content-Type: multipart/mixed; boundary="===0734760750=="
Please stop posting anything but text/plain.
> If you really care about the security of the industry, then submit it and
> be done with it. If and when they fix it is up to them.
OUCH!?
The "
>vendors know better, the messenger is guilty.
>design flaws are hard and expensive to fix, lol.
>there is time for fixing and there is time for breaking any vendor will tell you.
"There are never any flaws- they are not bugs, they're features!"
___
Fu
I must not have articulated my point properly as it looks like we are both
saying the same thing.
What I was trying to convey was that if a person was actually concerned
about the "industry" as opposed to self-promotion and ego-substantiation,
then they would just notify the vendors and then get o
On Sun, Jul 8, 2012 at 1:05 PM, Michal Zalewski wrote:
>> Wikipedia says 5 months: http://en.wikipedia.org/wiki/Responsible_disclosure
>
> Well, the encyclopedia has spoken. So it's settled then.
>
:)
___
Full-Disclosure - We believe in it.
Charter: htt
> Wikipedia says 5 months: http://en.wikipedia.org/wiki/Responsible_disclosure
Well, the encyclopedia has spoken. So it's settled then.
/mz
On Sat, Jul 07, 2012 at 12:30:09PM -0400, Kurt Ellzey wrote:
> >vendors know better, the messenger is guilty.
> >design flaws are hard and expensive to fix, lol.
> >there is time for fixing and there is time for breaking any vendor will
> tell you.
>
>
> "There are never any flaws- they are not b
>there is time for fixing and there is time for breaking
Ecclesiastes in the Hacker's Bible? :0
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia
On Fri, Jul 06, 2012 at 01:24:44PM -0400, Peter Dawson wrote:
> Thor (Hammer of God) :
>
> so if vendor don't fix it /ack the bug.. then what ??
> Responsibility works both ways.. Advise the vendor.. if they say fuck it..
> I say fuck u.. and will advise the community !
>
> There is a responsibi
zed publicly for
> some fame or whatever, just FD it because chances are you will
> anyway. If you really care about the security of the industry,
> then submit it and be done with it. If and when they fix it is up
> to them.
>
> t
>
>
>
> From
than what it is.
>
> t
>
>
>
> From: Peter Dawson <slash...@gmail.com>
> Date: Friday, July 6, 2012 10:24 AM
> To: Timothy Mullen <t...@hammerofgod.com>
> Cc: "full-disclosure@lists.grok.org.uk
> <mailto:full-disclosure@lists.grok.org
om>>
Cc: "full-disclosure@lists.grok.org.uk" <full-disclosure@lists.grok.org.uk>
Subject: Re: [Full-disclosure] How much time is appropriate for fixing a bug?
Thor (Hammer of God) :
so if vendor don't fix it /ack the bug.. the
tely awesome).
>
> It is all about intent: if you want to be recognized publicly for some
> fame or whatever, just FD it because chances are you will anyway. If you
> really care about the security of the industry, then submit it and be done
> with it. If and when they fix it is
Baribault mailto:g...@baribault.net>>
Date: Friday, July 6, 2012 7:59 AM
To: "full-disclosure@lists.grok.org.uk" <full-disclosure@lists.grok.org.uk>
Subject: Re: [Full-disclosure] How much time is appropriate for fixing a
Hey Georgi,
Didn't take your happy pill this morning?
I would say that the answer depends on how the owner/company answers
you, if you feel that they're stringing you along and you have given them
some time, then warn them that you're publishing, give them 24 hours and
then go for it. Obvious
On Wed, Jul 04, 2012 at 10:49:18PM +0200, Jann Horn wrote:
> After having reported a security-relevant bug about a smartphone, how long would
> you wait for the vendor to fix it? What are typical times?
>
> I remember telling someone about a security-relevant bug in his library some time
> a
Realistically, it will take at least a month to go from security to
development through QA and release (in your case probably twice, because
it may have to go through the carrier's QA/release). Wikipedia says 5
months: http://en.wikipedia.org/wiki/Responsible_disclosure
- Philipp
On 07/04/2012 1
After having reported a security-relevant bug about a smartphone, how long would
you wait for the vendor to fix it? What are typical times?
I remember telling someone about a security-relevant bug in his library some time
ago - he fixed it and published the fixed version within ten minutes. On th