Re: [Full-disclosure] gimp sc, and evilness

This is a quite ridiculous series of emails that quickly turned south.
Someone should clear this up.

On Dec 13, 2007 12:48 AM, Kristian Erik Hermansen
<kristian.hermansen@xxxxxxxxx> wrote:
I don't appreciate people spreading false info about me. If there is
a problem, I would rather you say it to my face, in person, than
behind my back. I don't have a problem with you, but if you are
"blackballing" me in the security community, then you and I have
something to discuss...

On Dec 12, 2007 12:20 PM, Kristian Erik Hermansen
<kristian.hermansen@xxxxxxxxx> wrote:
Hi Christopher,

I do not mean to be shady at all. The point of the exploit was not

I didn't call you shady. I LOLed a shady LOL.

"A LOL--A shady one"

original shellcode. The point was creating a universal exploit for
Gimp on Windows which would also allow dynamic payload. If you see,
the shellcode payload changes based on the user input for the URL.
Nothing new, but useful for demonstration purposes. I perhaps should
have left the second line from the Metasploit output so that
attribution was taken. I was not aware that shellcode output from msf
is intellectual property. I have given Metasploit plenty of credit
when I thought necessary. I even asked H D Moore to borrow some
images for a talk I did at the Ubuntu Live conference in Oregon this
year, which he personally allowed...

I also tried to do MSF a favor for more exposure and get 3.0 into
Ubuntu's multiverse repository. However, due to some nuances in the
MSF License, this was not possible. I don't see why you think I am so
evil. I do not mean to be. I wish I could have made it to your
gathering of drinks at 20 GOTO 10 post-baysec, but I was still in
Boston. I will try to meet up with you guys at the next baysec, and
you will see that I am not evil. Of course, my background in security
is not as proficient as yours, and I have never been a CEO. Although,
I am very familiar with all the companies you have led. I do,
however, wonder why you left Cloudmark just after it became
profitable. To me, that sounds shady...

Additionally, Cloudmark is a privately held company so either you
guessed that they were profitable or an employee with a loose tongue
unwittingly disclosed that information to you against their employment

Kristian Erik Hermansen
"I have no special talent. I am only passionately curious."

