Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Ana Kismet (anakismetgmail.com)
Date: Mon Oct 18 2010 - 08:35:26 CDT
"I do not do kernel bugs"
Bold faced lie
On Mon, Oct 18, 2010 at 3:58 AM, Andrew Auernheimer <gluttonygmail.com>wrote:
> ---------- Forwarded message ----------
> From: Andrew Auernheimer <gluttonygmail.com>
> Date: Mon, 18 Oct 2010 04:51:59 -0400
> Subject: Re: ipv6 flaw
> To: editzdnet.com.au
> Cc: Eugene Teo <eugeneredhat.com>
> Dear ZDnet,
> This story:
> is someone talking straight out of their ass. We have no such
> exploit, If we did have such an exploit, there is absolutely no way we
> would share it with external parties. Not 4chan, not anyone. Due to
> the immense success and resiliency of the Linux platform, a 0-day
> kernel remote is worth serious money ($100k+ if you know the right
> buyers), and we would have given it to the highest bidder or put it on
> Bugtraq for maximum industry publicity. We would not have given it
> away for free to ineffectual idiots in their moms basements who aren't
> accomplishing anything.
> Beyond that, many of my closest friends make their living off of
> intellectual property. I do not support defacement and DDoS as a
> method of protest against anything, especially not a childish protest
> against copyright. Authors have a right to charge however much they
> please for their creative works. The people involved with these DDoS
> attacks and web site defacements need to grow up and do something
> useful with their lives.
> This article is ridden with a number of verifiably false errors. I'm
> sure a quick talk with Eugene from the Red Hat Linux corporation (he
> is cc'd to this email) could get you in touch with Linus who could
> confirm that no such communication with us ever existed. In addition,
> while I am probably one of the most skilled web application and
> browser exploit hackers in the world, I do not do kernel bugs. I have
> never done kernel work, with the exception of some stuff I did years
> ago related to Mac OS X kext. Every single bit of my previous public
> research has been related to a web browser bug or a web application
> bug. If someone in Goatse Security were to be involved with the
> creation of a kernel-related exploit, it would not be me.
> Lastly, my contact info is amazingly public. I was awake and checking
> my email when your story was posted, and for the 11 or so hours
> preceeding it. I have also talked with reporters at ZDnet previously,
> including ZDnet Australia. So the next time you have the urge to print
> libelous, sensational misinformation defaming both the integrity of my
> information security working group and the security of Linux, please
> give me an e-mail or phonecall first. The contact info is on the
> Goatse Security website. I should be informed of this stuff by your
> "journalists" (who are supposed to do things such as contact parties
> involved in a suspect claim from a random anonymous idiot on the
> Internet) and not someone from a major software vendor.
> On Mon, Oct 18, 2010 at 2:35 AM, Eugene Teo <eugeneredhat.com> wrote:
> > Hi Weev,
> > I read a ZDNet news report that you have discovered a Linux kernel
> vulnerability, and I am wondering if you will be willing to share the
> technical details of the flaw.
> > Thanks, Eugene
> > --
> > Eugene Teo / Red Hat Security Response Team
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/