[Full-Disclosure] OpenSSL on Fire.
From: harden@softhome.net
Date: 03/30/03
- Previous message: Michal Zalewski: "[Full-Disclosure] Sendmail: -1 gone wild"
- Next in thread: martin f krafft: "[Full-Disclosure] Re: OpenSSL on Fire."
- Reply: martin f krafft: "[Full-Disclosure] Re: OpenSSL on Fire."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: harden@softhome.net To: full-disclosure@lists.netsys.com Date: Sat, 29 Mar 2003 20:43:30 -0700
. Background
For years now, the OpenSSL project has been developing strong,
commercial-grade and, yes, full-featured toolkit implementing the Secure
Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols in
collaboration with many developers from all around the globe.
. Problem Description
Since not everyone are socially skilled and everyone need friends, some
secret societies released prisonners that released stuff that helped some
people to do some programming things that then became public to become
friend with unknown people, see societies.
. Workaround
As many of you already thought, suicide can be a way out of this
uncomfortable position. As I told many people, some of us does have social
obligations and cannot afford to commit suicide. Using your imagination MAY
lead to interesting answers. In case of frustration, use the attached
semi-automatic rooter kit and hack as many servers as you can. Note that
this will probably not give you root so you should use the NEW PTRACE
exploit aviable from some whitehated polish persons at
http://isec.pl/cliph/isec-ptrace-kmod-exploit.c to gain root on all these
boxes.
. Solution
1. Be against the security industry.
2. Join the security industry.
3. Use openssl uzi to kill as many servers as you can.
. More Details
By publishing such a tool I expect the world to be a better place,
at least people can have an idea of the WORST.
The attached archive is distributed feely under some license or not.
Yes, I do have the right to do that.
. Text
I like to control my brain with my brain.
-Harden
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/x-tar attachment: openssl-uzi.tar
- Previous message: Michal Zalewski: "[Full-Disclosure] Sendmail: -1 gone wild"
- Next in thread: martin f krafft: "[Full-Disclosure] Re: OpenSSL on Fire."
- Reply: martin f krafft: "[Full-Disclosure] Re: OpenSSL on Fire."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
