
Hacker Leaks Unreleased CERT Reports

chrisd posted more than 11 years ago | from the certain-errors-remain-tolerable dept.

Security 379

Call Me Black Cloud writes "A hacker calling himself "Hack4Life" swiped 3 unpublished vulnerability reports from a company working with CERT and posted them to the Full Disclosure mailing list. A couple of days later, he did it again (while promising weekly leaks). Wired also has a story, including a link to one of the postings."


379 comments


A little bit ironic (5, Funny)

OptimizedPrime (558992) | more than 11 years ago | (#5588745)

It's a little too ironic if he's using the leaks in the reports he steals....

Re:A little bit ironic (5, Funny)

yoni003 (650443) | more than 11 years ago | (#5588767)

heh..these vulnerability reports shouldn't be so vulnerable

Re:A little bit ironic (0)

Anonymous Coward | more than 11 years ago | (#5588776)

(-7, Redundant)

Re:A little bit ironic (0)

Anonymous Coward | more than 11 years ago | (#5588926)

It might not be such a bad thing... CERT reports aren't known for being timely, to say the least :)

Maybe one of these days they'll let out the secrets of that sendmail DEBUG hole... ;)

Re:A little bit ironic (5, Funny)

jd_esguerra (582336) | more than 11 years ago | (#5588816)

What will be really ironic is if he gets hacked to pieces in prison for protecting his own back-door. Once the guys in prison looking for "root access" portscan him, I bet they'll waste no time compromising his socket. Yep. I'm sick. And bored.

Re:A little bit ironic (1, Funny)

Anonymous Coward | more than 11 years ago | (#5588859)

I'm sure his hub will show plenty of packet collisions.

Re:A little bit ironic (1)

ahkbarr (259594) | more than 11 years ago | (#5588898)

He should enable "split horizon" in his switch ports.

Also he should monitor for trojans.

Re:A little bit ironic (0)

Anonymous Coward | more than 11 years ago | (#5588929)

Does CERT not notify more than just the vendor before the bug release?

oh the irony! (1, Funny)

Anonymous Coward | more than 11 years ago | (#5588747)

wonder if there will be an advisory over this

Re:oh the irony! (0)

Anonymous Coward | more than 11 years ago | (#5588762)

Yes. It'll be out tomorrow, but it's not scheduled to be released until Friday.

Damn, that motherfucker is a terrorist. Bomb him!! (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5588748)

Goatse man got some tattoos

*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_
g_______________________________________________g_ _
o_/_____\_______How's_\___My_______/____\_______o_ _
a|_______|_Collateral__\__Damage?_|______|______a_ _
t|_______`.___Call__1-800-FUCKOFF_|__N____:_____t_ _
s`___M____|_____________|________\|__U_A__|_____s_ _
e_\__O____|_/_______/__\\\___--___\\__K_R__:____e_ _
x__\__M___\/____--~~__________~--__|_\E_A__|____x_ _
*___\______\_-~____________________~-_\_B__|____*_ _
g____\______\_________.--------.______\|S__|____g_ _
o______\_____\______//_________(_(__K__\___|____o_ _
a_______\___.__I____)_________(_(___O___|__/____a_ _
t_______/\_|___R_____)/_SHOCK\_(____R___|_/_____t_ _
s______/_/\|___A_____)____&__|__(___E___/__\____s_ _
e_____|___(____Q_____)\__AWE_/__//__A_/_____\___e_ _
x_____|____\__|_____\\_________//_(__/_______|__x_ _
*____|_\____\____)___`----___--'_____________|__*_ _
g____|__\______________\_U.N.__/____________/_|_g_ _
o___|______________/____|_____|__\____________|_o_ _
a___|___FUCK______|____/_______\__\___FUCK____|_a_ _
t___|__FRANCE__/_/____|_MOABalls|__\_MUSLIMS___|t_ _
s___|_________/_/______\__/\___/____|__________|s_ _
e__|___U_____/_/________|____|_______|___U_____|e_ _
x__|___S______|_________|Pipe|_______|___S_____|x_ _
*__|___A_____|__________|Bomb|________|__A_____|*_ _
*__|_________|__________|____|________|________|*_ _
*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_e_x_*_


Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.


Very cool. Thanks for the great graphic! (0)

Anonymous Coward | more than 11 years ago | (#5589013)

Allow me to speak for the silent majority here at Slashdot. We don't always get an opportunity to
thank you for your great efforts to amuse us. Thank you. Love those tattoos. Keep up the good work!

Well.... (1, Funny)

MoonshineKid (615121) | more than 11 years ago | (#5588750)

It shouldn't be that hard to catch him if they know what information is being leaked and when.

MS Security? (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5588754)

Do they use MS software?

Sad news... Saddam Hussein dead at 65 (-1)

Anonymous Coward | more than 11 years ago | (#5588756)

I just heard some sad news on talk radio - Dictator/Supreme Leader Saddam Hussein was found dead in his Baghdad home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to popular culture. Truly an American icon.

Re:Sad news... Saddam Hussein dead at 65 (-1, Offtopic)

jhunsake (81920) | more than 11 years ago | (#5588769)

Interesting, but I'm waiting for Chirac to be found dead before I start celebrating.

Re:Sad news... Saddam Hussein dead at 65 (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5588814)

I hope Bush dies before Chirac does. Bush deserves it for all the people he's sending to unnecessary death right now.

Re:Sad news... Saddam Hussein dead at 65 (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5588857)

Die you liberal fuck. You should be one of those people, except that would be a necessary death.

Re:Sad news... Saddam Hussein dead at 65 (0, Offtopic)

jhunsake (81920) | more than 11 years ago | (#5588842)

Interesting, but I'm waiting for Chirac to be found dead before I start celebrating. [repost due to unfavorable moderation]

first post (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5588757)

first post yeah yeah ete chit

first (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5588761)

top

Bet he works for ISS (3, Funny)

essdodson (466448) | more than 11 years ago | (#5588768)

With the way ISS handles things I bet they're after this guy.

Otherwise... $5.00 says he works for ISS... any takers?

Re:Bet he works for ISS (2, Funny)

rat7307 (218353) | more than 11 years ago | (#5588853)

I don't think this guy works on the International Space Station............

That's how I read your comment....

Re:Bet he works for ISS (1)

Junior J. Junior III (192702) | more than 11 years ago | (#5588886)

If he is up there, it'll be hard for anyone to get at him... ... then again, they probably could just leave him up there, and after a few months the problem would just sort of take care of itself.

Re:Bet he works for ISS (1)

tejarz (587736) | more than 11 years ago | (#5588938)

don't worry, you're not the only one... what ISS is he talking about anyway

You've spelled Cracker wrong. (0, Offtopic)

Anonymous Coward | more than 11 years ago | (#5588771)

A hacker is someone who tweaks software or hardware beyond its original specs.

Re:You've spelled Cracker wrong. (5, Insightful)

essdodson (466448) | more than 11 years ago | (#5588793)

The connotation of the word has changed, deal with it, move on. You lost this war years ago. If you don't like what it now means to everyone but you and a few others, then don't choose it as your label.

Simply put, if the masses see "hackers" as evil criminals then that's what "hackers" are. Language is determined by the masses, not by a small minority who get to determine what's PC or right.

Re:You've spelled Cracker wrong. (1, Insightful)

Anonymous Coward | more than 11 years ago | (#5588844)

Does that mean that black people really are niggers in the south?

Yes. (0)

Anonymous Coward | more than 11 years ago | (#5589008)

Move along, nigger.

Re:You've spelled Cracker wrong. (0)

Anonymous Coward | more than 11 years ago | (#5588807)

A cracker is a poor, white southerner, or someone who breaks copy protection. Hacker has always had connotations of activities which are now considered illegal. The law has changed, the meaning has changed. Deal with it.

Re:You've spelled Cracker wrong. (1)

product byproduct (628318) | more than 11 years ago | (#5588836)

Since he hasn't "cracked" anything either, I suggest we call him based on what he's doing: he's a leaker.

Re:You've spelled Cracker wrong. (1, Funny)

mattwolfewvu (642717) | more than 11 years ago | (#5588933)

Yeah, I'm going to be a leaker too, in the bathroom a minute or two after I hit submit. I don't think that Slashdot readers would be too interested in the details though.

Re:You've spelled Cracker wrong. (1)

pc486 (86611) | more than 11 years ago | (#5588847)

I think a hacker is someone who uses software or hardware in a creative way, which includes creative hacks as in source and creative hacks as in breaking in. This hacker has been creative enough to not only get away with it once but he got away with it twice. If this guy is not a hacker then I don't know who is.

Re:You've spelled Cracker wrong. (2, Insightful)

xihr (556141) | more than 11 years ago | (#5588893)

I think it's ironic how the "hacker" community used to go out of their way to emphasize the distinction between hacker (positive) and cracker (negative), but as of late seem to not bother anymore. Certain Slashdot "reporters" don't seem to bother even trying to make the distinction anymore.

Looks like the popular media won this one.

Re:You've spelled Cracker wrong. (1)

mark-t (151149) | more than 11 years ago | (#5589024)

I think, perhaps, that it is because the real hackers simply don't care. That what they are called is associated with malicious intent does not bother the true hacker, because a mere word cannot dictate what a real hacker is. A hacker is instead defined by what he does directly, and that he does it for the sheer joy of doing it.

Aye, Thy demands for frozen language are (0)

Anonymous Coward | more than 11 years ago | (#5588928)

At Ye Olde Computational Machinery Shoppe they still say hacker as well.

Language fucking changes get over it.

Why don't you just go back to speaking latin you fucking backwards fucker.

FD and Bugtraq (5, Informative)

jmays (450770) | more than 11 years ago | (#5588772)

If you enjoy Bugtraq and can put up with the occasional flame war ... FD is an awesome list. FD Charter [netsys.com]

Re:FD and Bugtraq (0)

Anonymous Coward | more than 11 years ago | (#5588871)

Jay Day 0wns. Paul Schmel is a goddamn dweeb, though. Adjunct Information Security Officer, my ass.

Re:FD and Bugtraq (5, Funny)

RLiegh (247921) | more than 11 years ago | (#5588930)


and can put up with the occasional flame war ...

I don't think any regular readers of slashdot fit that description.

Re:FD and Bugtraq (2, Funny)

DarkKnightRadick (268025) | more than 11 years ago | (#5589012)

No, they prefer continuous flame wars. ;)

Damn! (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5588773)

I thought having the source code eliminated problems like this...Guess not, oh well, Linux r00lz Winblozxe sux0rz!!!

Sun Lags (1)

SenatorKevin (659408) | more than 11 years ago | (#5588774)

Sun is lagging on releasing updates for this RPC vulnerability.

Maybe it's an inside job. (4, Insightful)

no reason to be here (218628) | more than 11 years ago | (#5588778)

Maybe someone that's upset with the way CERT is doing things...
or maybe someone joined CERT just so he/she could play uberhacker.

Re:Maybe it's an inside job. (4, Insightful)

indiigo (121714) | more than 11 years ago | (#5589021)

CERT is a joke, they announce security vulns days late, often skipping arbitrarily vulns that are on a massive scale. Unsubscribed a year ago.

Cracker not hacker (-1, Redundant)

richjoyce (582073) | more than 11 years ago | (#5588779)

This guy is not a hacker, he is a cracker! (actually he's probably both)

I would think at least /. would be able to get that right.

Re:Cracker not hacker (0, Troll)

LBArrettAnderson (655246) | more than 11 years ago | (#5588801)

nowhere in the slashdot article does it say that he hacked; it says that he is a hacker. That's similar to me saying, "The boy ran down the street", and you saying "he's not a boy, he's a runner!"

Coffee (5, Funny)

webword (82711) | more than 11 years ago | (#5588780)

I drink too much coffee. I leak several times per day.

Interesting to note... (5, Interesting)

gnu-sucks (561404) | more than 11 years ago | (#5588781)

What is interesting to note is that this, or these, as it may be, hackers are /releasing/ the truth.

Not defacing web sites, hacking student DB's, etc.

Is truth the new hack of the future?

Re:Interesting to note... (1)

Evil Adrian (253301) | more than 11 years ago | (#5588824)

If he was releasing truth of some worth, perhaps, but these aren't the Pentagon Papers, people, these are silly vulnerability reports for programs.

Re:Interesting to note... (0)

Anonymous Coward | more than 11 years ago | (#5588995)

If it's so unimportant, why all the secrecy? Why is this such a big deal?

I am inclined to agree though. For example, what if it was the truth about how many casualties there are in Iraq? As it is, Iraq says one thing and the "Coalition" something else. The truth usually lies somewhere in the middle ground.

We NEED more people like the anonymous hacker(s). There's enough lies and bullshit being spun these days that these guys should be considered heroes, not criminals.

Re:Interesting to note... (1, Insightful)

bperkins (12056) | more than 11 years ago | (#5588827)

There's a reply to this that is so obvious, that I'm going to leave it to your imagination.

Re:Interesting to note... (1)

scotch (102596) | more than 11 years ago | (#5588939)

Is it "No"? Or perhaps "Yes"? My third guess is "YHBT, HAND".

Re:Interesting to note... (5, Interesting)

madmarcel (610409) | more than 11 years ago | (#5588850)

Hmmm...I vaguely remember a hacker releasing blueprints/plans/files for a rocket or somesuch a while back...

The idea is not unique, and is to be applauded, consider hacking into CNN's network and releasing what they are NOT showing on TV!

This could get out of hand though....
"Truth is a noble cause" -> "HACK THE PLANET!" ;P

Re:Interesting to note... (4, Insightful)

RLiegh (247921) | more than 11 years ago | (#5588956)

When truth is outlawed; only outlaws will tell the truth.

Urgent notification of vulnerability (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5588782)



I would imagine that the people preparing those vulnerability reports would notify the software vendor the first thing even before they are finished preparing the reports.....
Who knows how they work. Oh well...

Oh yeah, before I forget, for the best videos ever, go to http://reuters.feedroom.com [feedroom.com]

Your 200 cable or satellite TV channels won't show you what the above mentioned site shows

(you will need a broadband connection to enjoy the videos)

Sneaking A Sniff (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5588785)

Am I the only one who sneaks a sniff at their fecal matter following a relaxing bowel movement? I like to sniff it and just catch the variation between each bowel movement.

Very satisfying. I also look at it a little bit to see if I can spot and name any particular food chunks in the poop.

Double-edged sword? (4, Interesting)

Raven42rac (448205) | more than 11 years ago | (#5588790)

This is both good and bad. Good, in the sense that more people will know about these vulnerabilities. Bad, in the sense that more people will know about these vulnerabilities. In my opinion, the only time security vulnerabilities should be released publicly is when they are fixed. Otherwise, teenage script kiddies worldwide will launch attacks on everything and everyone. It is unreasonable to expect all code to be completely secure, it is just flat out impossible. However, when new vulnerabilities are found, they should only be disclosed to those who have the capacity to fix them, and not to the public, whose only reaction will be panic. Comments?

Re:Double-edged sword? (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5588820)

Congratulations on an unoriginal, uninteresting rehashing of the age-old debate on this subject.

Re:Double-edged sword? (2, Insightful)

freeweed (309734) | more than 11 years ago | (#5588891)

In my opinion, the only time security vulnerabilities should be released publicly is when they are fixed. Otherwise, teenage script kiddies worldwide will launch attacks on everything and everyone.

Keep in mind that pretty much by definition, "script kiddies" won't be doing much with a new vulnerability, as their sole skill lies in being able to run someone else's code. Most new vulnerabilities either aren't exploited for months (vendor patch or no), or if they are, the exploit certainly isn't public knowledge. Therefore, there's little chance of a script kiddie rampage from some leaked vulnerability.

Ok, so I'm nitpicking ;)

I guess the only real threat with this sort of thing is that someone who actually *might* be able to do something with this, now has a known target to go after.

Re:Double-edged sword? (5, Interesting)

AlexCV (261412) | more than 11 years ago | (#5589006)

Maybe so, but a good kick in the ass of the CERT and the vendors can help speed things up. When an advisory has been in the pipe for a while and is only scheduled to be released in 3-4 months, clearly vendors are a bit lenient in fixing their bugs. Next thing you know the CERT cycle will be 12 to 18 months...

Come one.. (5, Funny)

grub (11606) | more than 11 years ago | (#5588791)


.. we all know who did it. Dust off those "Free Kevin" bumper stickers everyone.

Re:Come one.. (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5588831)

I have a friend who told me that s/he worked actively to get Kevin freed, and that after he was, s/he met him and talked to him for a while, and realized that Mitnick is just a dickhead who deserved what he got.

Re:Come one.. (1)

scotch (102596) | more than 11 years ago | (#5588975)

I have a friend who told me that s/he worked actively to get Kevin freed, and that after he was, s/he met him and talked to him for a while ....

You don't know what sex your friend is? Yeah, OK, coward.

Well known here... (0, Offtopic)

cperciva (102828) | more than 11 years ago | (#5588794)

goatse.cx trolls have been using these redirectors for quite a while.

Full disclosure link (2, Informative)

AEton (654737) | more than 11 years ago | (#5588795)

The reports this story talks about can be found at the Full Disclosure archives:
http://lists.netsys.com/pipermail/full-disclosure/ [netsys.com] ;
go to March--view by author--hack4life@hushmail.com.

Here's a link to more information about the CERTs (0, Funny)

Anonymous Coward | more than 11 years ago | (#5588798)

This should be a piece of cake to iron out. (4, Interesting)

Elwood P Dowd (16933) | more than 11 years ago | (#5588804)

CERT could just spend a week sending out vulnerabilities to the "ISC" group, and craft each description to be almost exactly identical, except slight differences in the ASCII. Hack4Life posts one of the different versions, and now you know who's been compromised.

This should be 80% solved in under a week. If it takes longer than a week, and CERT keeps sending these things out and getting compromised, then they're a bunch of morons. Somehow, I don't think they're a bunch of morons.

Re:This should be a piece of cake to iron out. (1)

krray (605395) | more than 11 years ago | (#5588854)

Maybe not...what if he knows or is informed what they do? Or he has _multiple_ sources and notes the differences himself?

They're looking for A, B, C, D, E, F, or G and he publishes Z.

Re:This should be a piece of cake to iron out. (1)

trb (8509) | more than 11 years ago | (#5588858)

CERT could just spend a week sending out vulnerabilities to the "ISC" group, and craft each description to be almost exactly identical, except slight differences in the ASCII. Hack4Life posts one of the different versions, and now you know who's been compromised
Then cracker boy can just receive several different copies of the report and run diff himself. D'oh.

Not if there's more than one culprit (1)

Ghoser777 (113623) | more than 11 years ago | (#5588920)

If two insiders are working together, then they can share information and note the plot at hand. Even more devious, why not just steal someone else's information to make them look like the culprit?

Of course, this doesn't work unless they see it coming or are extremely paranoid.

F-bacher

Re:Not if there's more than one culprit (1)

Elwood P Dowd (16933) | more than 11 years ago | (#5589033)

Stealing someone else's information wouldn't make them look like the culprit, it would make them look like the victim. I don't think that CERT imagines one of their ISC subscribers is intentionally leaking this information. This is a search for a victim. Once they find the victim, so long as they can secure the victim, CERT shouldn't care too much who the hacker is.

And sure. My idea can be defeated. It could also be improved: Certain details could be divulged only to certain members. If any of those details leak, then those members have a security problem.

My only point is that the current status of the investigation is way, way just beginning. They should be able to figure out which corporation has the leak very quickly. I cannot proscribe a perfect method given the five minutes I've spent thinking about it, but CERT has well paid experts in this sort of thing. They should do much much better.

Re:This should be a piece of cake to iron out. (1)

Superfarstucker (621775) | more than 11 years ago | (#5589022)

alternatively he could just retype out each report effectively taking any intentional branding out of it...

they'll have a real field day with him then..

This won't last long... (4, Interesting)

AEton (654737) | more than 11 years ago | (#5588822)

If CERT is smart, they'll be sending slightly different reports to each vendor (and perhaps storing slightly different copies on each machine which needs them); each copy would contain different typographical errors. Since this l33t h4x0r d00d is just posting direct cut-n-pastes of the reports, they can trace the haxored machine or compromised company within days of posting. (ps: that 'brilliant' idea came to me from a Tom Clancy spy novel)
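The tracing scheme proposed in the comments above (a slightly different copy per recipient) together with the objections raised in the replies (copies compared against each other, reports retyped), as an added sketch that is not part of any comment and not CERT's process. It marks copies with wording variants rather than the ASCII or typo differences the posters suggest; the advisory text, recipient names and 7-slot code are all constructed for this example.

```python
"""Canary-trap sketch: per-recipient wording variants and leak attribution.

Added illustration. The advisory text, recipient names and wording slots are
constructed; none of it is CERT's process or real advisory content.
"""

# Constructed draft with seven slots; each slot has two interchangeable wordings.
TEMPLATE = (
    "DRAFT ADVISORY (constructed sample text). {} in the example daemon {} "
    "a remote peer to {} the service. The flaw {} in the request parser. "
    "Vendors {} fixes {} the embargo date. {} this draft."
)
SLOTS = [
    ("A length check error", "A bounds check error"),
    ("allows", "permits"),
    ("crash", "halt"),
    ("resides", "is located"),
    ("are preparing", "are working on"),
    ("before", "ahead of"),
    ("Do not redistribute", "Please do not forward"),
]
# Hypothetical recipient list; the code below supports up to 7 entries.
RECIPIENTS = ["vendor-a", "vendor-b", "vendor-c", "vendor-d", "vendor-e"]


def codeword(recipient):
    """One bit per slot: row i of a [7,3] simplex (Hadamard) code, so any two
    recipients' copies differ in exactly 4 of the 7 slots."""
    i = RECIPIENTS.index(recipient) + 1
    return [bin(i & j).count("1") % 2 for j in range(1, len(SLOTS) + 1)]


def render_bits(bits):
    """Build the advisory text that carries the given slot choices."""
    return TEMPLATE.format(*(SLOTS[j][b] for j, b in enumerate(bits)))


def render(recipient):
    """The copy that is sent to one recipient."""
    return render_bits(codeword(recipient))


def observe(leak):
    """Recover each slot's bit from leaked text, or None when the slot's
    wording is missing or ambiguous. Case and line wrapping are ignored, so a
    reflowed copy still carries its marks."""
    text = " ".join(leak.split()).lower()
    bits = []
    for v0, v1 in SLOTS:
        has0, has1 = v0.lower() in text, v1.lower() in text
        bits.append(None if has0 == has1 else int(has1))
    return bits


def attribute(leak):
    """Return (top_suspects, exact, scores).

    scores counts, per recipient, the surviving slots that match their copy.
    exact is True only when the best score explains every surviving slot;
    False means no issued copy matches, i.e. the text was blended or altered.
    """
    obs = observe(leak)
    seen = [j for j, b in enumerate(obs) if b is not None]
    scores = {r: sum(obs[j] == codeword(r)[j] for j in seen) for r in RECIPIENTS}
    best = max(scores.values())
    top = sorted(r for r, s in scores.items() if s == best)
    exact = bool(seen) and best == len(seen)
    return top, exact, scores


def exposed_slots(r1, r2):
    """Slots two recipients would discover by comparing their copies."""
    return [j for j, (x, y) in enumerate(zip(codeword(r1), codeword(r2))) if x != y]


if __name__ == "__main__":
    # 1. Verbatim paste of one copy: a single exact match.
    print(attribute(render("vendor-c")))

    # 2. Partly reworded copy: two marks are lost, the other five still match.
    reworded = render("vendor-b").replace("A length check error", "An error")
    reworded = reworded.replace("permits", "enables")
    print(attribute(reworded))

    # 3. vendor-a and vendor-b compare copies and alternate between their
    #    wordings on the four slots where they differ: nobody matches exactly,
    #    and an uninvolved recipient scores as high as the two real sources.
    print(exposed_slots("vendor-a", "vendor-b"))
    print(attribute(render_bits([1, 1, 1, 0, 1, 1, 1])))
```

In the blended case the result is a shortlist, not a name: with only seven marks, compared copies leave the real sources tied with an uninvolved recipient, so an inexact match needs corroboration before anyone is blamed.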

Re:This won't last long... (1)

essdodson (466448) | more than 11 years ago | (#5588843)

Stenography rules!

Re:This won't last long... (1)

tricknology (112298) | more than 11 years ago | (#5588978)

Stenography rules? Are you a court reporter?

Is CERT doing what they are supposed 2 do? (5, Insightful)

t0c (658568) | more than 11 years ago | (#5588828)

Well are they?? I mean they are supposed 2 help security not help companies look better... I mean come on in the end we're suffering... by the time they get the advisory out some exploit is out and we have no idea there is a fault. Isn't that a bit the reverse of what CERT is supposed to be doing? Post advisories so we can protect ourselves. I don't know it's just a personal opinion and what I understand of this. It's outrageous that an organization designed to help the "world" (I put it in brackets because I really mean people who are interested in security and have to deal with it) deal with the new arisen problems in security and not hide them from us.

Sometimes he's a little late. . . (4, Interesting)

Fritz Benwalla (539483) | more than 11 years ago | (#5588830)


He released the RSA timing attack vulnerability on the 15th of March:

To: full-disclosure@lists.netsys.com
From: hack4life@hushmail.com
Date: Sat, 15 Mar 2003 18:57:13 -0800

***** NOT FOR PUBLIC DISTRIBUTION *****

VU#997481 - Cryptographic libraries and applications do not adequately defend against timing attacks etc. . .

when it was discussed on Slashdot [slashdot.org] on the 13th of March:

Once again, Slashdot turns out to be the real problem. . .

------

Re:Sometimes he's a little late. . . (1)

Absurd Being (632190) | more than 11 years ago | (#5588876)

Ah, so he's stealing these to post early on slashdot and to get Karma! Ingenious!

Hacker Ethics (2, Redundant)

Blaine Hilton (626259) | more than 11 years ago | (#5588833)

I think this brings up an interesting point related to hacker ethics. On one hand people should know about problems so they fix their machines right away, but if there is no quick fix then perhaps it's a thing for a "need to know" basis. I'm interested to hear if slashdotters think this "hacker" is doing a good thing, or a bad thing.

Re:Hacker Ethics (0)

Anonymous Coward | more than 11 years ago | (#5588882)

Of all the things a person could do with his time, he is leaking CERN reports.

He could be volunteering for any number of charities in which his time would be much more wisely invested.

So I don't think it's good or bad -- it's retarded.

Inherent problems with CERT (5, Insightful)

jaywhy (567133) | more than 11 years ago | (#5588841)

I've never liked the fact that CERT was more or less an exclusive security club. It's obvious that hackers monitor the mailing list and know the vulnerabilities before the majority of everyone else in the world.

CERT should instead, stick with helping behind the scenes coordination between security agencies like eEye and software companies; and should stop publishing unfixed problems to a CERT's underground mailing list.

And mitnick was released how long ago? (1, Funny)

SensitiveMale (155605) | more than 11 years ago | (#5588869)

hmmmmmm?

I don't trust him (1)

hdparm (575302) | more than 11 years ago | (#5588881)

Could this have been an inside job?

Re:I don't trust him (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5588998)


I dunno, but your mom gave me a blow job outside.

youf cuker bitch cunt twat (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5588885)


cunt fuck shit ass!

ass shit dick (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5588897)


fucker twat cock balls BALLZ!

One was supposed to be held back till june??? (5, Insightful)

malice95 (40013) | more than 11 years ago | (#5588901)

What concerns me is that one of the vulnerability reports released by this guy wasn't scheduled to be released until June... JUNE??? What the hell are they going to wait till June for. Can't the vendor get their act together before then? This is why we need bugtraq so bad.. IMHO they should get 3 or 4 weeks max to fix the problem otherwise it gets released. If there is even a hint it's being exploited on the net it should be released immediately, fix or no fix.

Malice95

asshole clit shit cunt (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5588905)


fucker bitch whore nuts NUTz tits.

suck asshole tits sluts (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5588915)


cum shit asshole piss cunt CUNTz pussy

shit piss tits PUSSY twat (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5588925)


asshole cock farts FARTZ pussy cunt

Verizon Text messaging (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5588936)


You know that chick in the Verizon text messaging commercial? The one who left her phone in the car, and then she saw the guy's friend's messages by mistake? Man, I'd like to fuck that snatch.

mother fucker slut whore pussy (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5588945)


cunt cum cock balls PERINIUM notcha shit

shit fucker nuts pussy twat (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5588951)


cunts twat sluts asshole cocks COCKz shit tits

Re:shit fucker nuts pussy twat (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5588970)

Uh-oh, crapfloodbot.

Re:shit fucker nuts pussy twat (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5588986)


Uh, no actually this isn't a crapfloodbot at all. I just feel quite strongly and passionately about the things I have to say. Things like asshole cunts CUNTz piss ass. I am making a difference in this world ... perhaps a small difference, but a difference in my own special way.

I would agree, but... (5, Interesting)

Sandman1971 (516283) | more than 11 years ago | (#5588971)

I was somewhat torn on the issue until I read "I'm going to release these at 7pm on Friday, so that sysadmins don't know about this and can't do anything about this til Monday morning" (paraphrased).

Any inkling of having me agree with posting these advisories just went out the window with this one. He's not trying to help anyone by divulging these, except for maybe script kiddies and crackers. With such a statement it's obvious he's not trying to help vendors release a quicker fix.

pussy tits cunts sluts ASSHOLE (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5588972)


shit balls motherfucker sluts SLUTz cum

Listen...can you hear that? (3, Funny)

Jonboy X (319895) | more than 11 years ago | (#5588981)

It's the sound of every sysadmin on Earth switching to BSD!

A modest proposal (4, Funny)

kuhneng (241514) | more than 11 years ago | (#5589010)

Store the Windows vulnerabilities on a Windows server, Linux vulnerabilities on a Linux server, etc.

That might take the edge off some companies' complaints about vulnerabilities leaking out before the clock is up.

tits cunt fuck (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5589016)


Seriously, I'd love to stick my dick into that chick in the Verizon commercial. I'd shoot my load all over her pretty face.