Overclock.net › Forums › Industry News › Software News › [CW] AntiSec leaks Symantec pcAnywhere source code after turning down $50k bribe to not release source code
New Posts  All Forums:Forum Nav:

[CW] AntiSec leaks Symantec pcAnywhere source code after turning down $50k bribe to not release source code - Page 8  

post #71 of 113
Thread Starter 
Quote:
Originally Posted by Zinxe View Post


Learn to read son, I never said Antisec was an essential part of the system or that bad things would happen if they weren't. lachen.gif
I said that the disclosure method of reporting to the vendor and releasing it publicly afterwards is standard practice. Something you would know if you were involved in the industry.
post #72 of 113
Quote:
Originally Posted by PoopaScoopa View Post

Learn to read son, I never said Antisec was an essential part of the system or that bad things would happen if they weren't. lachen.gif
I said that the disclosure method of reporting to the vendor and releasing it publicly afterwards is standard practice. Something you would know if you were involved in the industry.

I would re-iterate my previous post here: http://www.overclock.net/t/1211723/cw-antisec-leaks-symantec-pcanywhere-source-code-after-turning-down-50k-bribe-to-not-release-source-code/60#post_16403513

If I'm confused as to how it went down, please shed some light.
    
CPUMotherboardGraphicsRAM
i5-2500K Biostar TP67B+ XFX HD5750 1GB 2x4GB DDR3 Corsair 1600 
Hard DriveOSMonitorPower
60GB OCZ SSD, 2x160GB HDD RAID0, 500GB+500GB+1.5TB Windows 7 Ultimate 64-bit Samsung SyncMaster 930B Antec SmartPower 450w 
Case
Antec 900 
  hide details  
    
CPUMotherboardGraphicsRAM
i5-2500K Biostar TP67B+ XFX HD5750 1GB 2x4GB DDR3 Corsair 1600 
Hard DriveOSMonitorPower
60GB OCZ SSD, 2x160GB HDD RAID0, 500GB+500GB+1.5TB Windows 7 Ultimate 64-bit Samsung SyncMaster 930B Antec SmartPower 450w 
Case
Antec 900 
  hide details  
post #73 of 113
Quote:
Originally Posted by PoopaScoopa View Post

Someone didn't read before posting...
Disclosure Timeline
2011-08-16 - Vulnerability reported to vendor
2012-01-25 - Coordinated public release of advisory
http://www.zerodayinitiative.com/advisories/ZDI-12-018/
Somebody did, somebody didn't bother reading every line of text provided on the multiple websites linked with this article. And this still isn't reporting an exploit, there's no reason to make this available for every noob to download.
Koneko
(12 items)
 
  
CPUMotherboardGraphicsRAM
AMD R5 1600 Gigabyte GA-AB350M-Gaming 3 Sapphire RX560 (2GB) Corsair CMK16GX4M2B3200C16W (16GB) 
Hard DriveHard DriveMonitorKeyboard
Samsung 840 Pro (256GB) Seagate ST3000DM001 (3TB) Alienware OptX AW2310 (120Hz) Generic Dell 
PowerCaseMouseMouse Pad
Corsair AX750 Corsair Carbide 88R Mionix Naos 7000 Steelseries Qck 
  hide details  
Koneko
(12 items)
 
  
CPUMotherboardGraphicsRAM
AMD R5 1600 Gigabyte GA-AB350M-Gaming 3 Sapphire RX560 (2GB) Corsair CMK16GX4M2B3200C16W (16GB) 
Hard DriveHard DriveMonitorKeyboard
Samsung 840 Pro (256GB) Seagate ST3000DM001 (3TB) Alienware OptX AW2310 (120Hz) Generic Dell 
PowerCaseMouseMouse Pad
Corsair AX750 Corsair Carbide 88R Mionix Naos 7000 Steelseries Qck 
  hide details  
post #74 of 113
Thread Starter 
Quote:
Originally Posted by Phoenixlight View Post

there's no reason to make this available for every noob to download.

lachen.gif Oh, man, you guys are killing me. You might want to go and read up on how and why public disclosure works before embarrassing yourself any more. All the links have been provided and you can choose to either read and learn or continue to stick your head in the sand. You might want to start with something simple, like this: http://www.zerodayinitiative.com/about/faq/
post #75 of 113
Quote:
Originally Posted by PoopaScoopa View Post

lachen.gif Oh, man, you guys are killing me. You might want to go and read up on how and why public disclosure works before embarrassing yourself any more. All the links have been provided and you can choose to either read and learn or continue to stick your head in the sand. You might want to start with something simple, like this: http://www.zerodayinitiative.com/about/faq/

Again, please correct where I'm wrong in terms of the exchange and end result between AntiSec and Sym:

http://www.overclock.net/t/1211723/cw-antisec-leaks-symantec-pcanywhere-source-code-after-turning-down-50k-bribe-to-not-release-source-code/60#post_16403513
    
CPUMotherboardGraphicsRAM
i5-2500K Biostar TP67B+ XFX HD5750 1GB 2x4GB DDR3 Corsair 1600 
Hard DriveOSMonitorPower
60GB OCZ SSD, 2x160GB HDD RAID0, 500GB+500GB+1.5TB Windows 7 Ultimate 64-bit Samsung SyncMaster 930B Antec SmartPower 450w 
Case
Antec 900 
  hide details  
    
CPUMotherboardGraphicsRAM
i5-2500K Biostar TP67B+ XFX HD5750 1GB 2x4GB DDR3 Corsair 1600 
Hard DriveOSMonitorPower
60GB OCZ SSD, 2x160GB HDD RAID0, 500GB+500GB+1.5TB Windows 7 Ultimate 64-bit Samsung SyncMaster 930B Antec SmartPower 450w 
Case
Antec 900 
  hide details  
post #76 of 113
Thread Starter 
Quote:
Originally Posted by guyladouche View Post

Again, please correct where I'm wrong in terms of the exchange and end result between AntiSec and Sym:
http://www.overclock.net/t/1211723/cw-antisec-leaks-symantec-pcanywhere-source-code-after-turning-down-50k-bribe-to-not-release-source-code/60#post_16403513

From the beginning. Antisec is not the one who discovered and reported the exploit to Symantec. It's really getting boring having to repeat myself over and over. If you haven't gotten it by now, you're never going to understand it. Best to just move on.
post #77 of 113
Quote:
Originally Posted by PoopaScoopa View Post

They're forcing Symantec to finally patch their buggy code. Everyone ultimately benefits from this. Reporting known exploits isn't a crime...
Yes, because that's precisely what they're doing. It has nothing to do with cries for attention because of the lonliness of their parents' basements.

There is no tenable backing for their behavior. Period.
BladeRunner v3.0
(11 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7-5930K @ 4.6GHz Core, 4.4GHz Cache ASUS X99 Sabertooth Sapphire R9 380 Dual-X OC G.Skill TridentZ 32GB DDR4 @ 13-15-13-33-1T 320... 
Hard DriveCoolingOSKeyboard
Samsung 850 Pro 512GB Noctua NH-D15S Windows 10 Home 64-bit Logitech G910 Orion Spark 
PowerCaseMouse
EVGA SuperNova 1000W T2 NZXT Phantom 820 Black Logitech G5 
  hide details  
BladeRunner v3.0
(11 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7-5930K @ 4.6GHz Core, 4.4GHz Cache ASUS X99 Sabertooth Sapphire R9 380 Dual-X OC G.Skill TridentZ 32GB DDR4 @ 13-15-13-33-1T 320... 
Hard DriveCoolingOSKeyboard
Samsung 850 Pro 512GB Noctua NH-D15S Windows 10 Home 64-bit Logitech G910 Orion Spark 
PowerCaseMouse
EVGA SuperNova 1000W T2 NZXT Phantom 820 Black Logitech G5 
  hide details  
post #78 of 113
Quote:
Originally Posted by PoopaScoopa View Post

From the beginning. Antisec is not the one who discovered and reported the exploit to Symantec. It's really getting boring having to repeat myself over and over. If you haven't gotten it by now, you're never going to understand it. Best to just move on.

Did you miss where I said that I don't care who initially reported the vulnerability to Sym? This isn't about that. I only care about the exchange between AntiSec and Sym, since AntiSec is the one who took action and chose to release the source code. Where in their exchange am I not correct? You aren't repeating yourself because you aren't explaining anything. edit--you might be repeating yourself, but you still aren't explaining anything.
Edited by guyladouche - 2/7/12 at 3:19pm
    
CPUMotherboardGraphicsRAM
i5-2500K Biostar TP67B+ XFX HD5750 1GB 2x4GB DDR3 Corsair 1600 
Hard DriveOSMonitorPower
60GB OCZ SSD, 2x160GB HDD RAID0, 500GB+500GB+1.5TB Windows 7 Ultimate 64-bit Samsung SyncMaster 930B Antec SmartPower 450w 
Case
Antec 900 
  hide details  
    
CPUMotherboardGraphicsRAM
i5-2500K Biostar TP67B+ XFX HD5750 1GB 2x4GB DDR3 Corsair 1600 
Hard DriveOSMonitorPower
60GB OCZ SSD, 2x160GB HDD RAID0, 500GB+500GB+1.5TB Windows 7 Ultimate 64-bit Samsung SyncMaster 930B Antec SmartPower 450w 
Case
Antec 900 
  hide details  
post #79 of 113
Uh, Public Disclosure doesn't mean dropping source code. It means an in-depth explanation of what the problem, be it a bug, exploit, etc, is and what it's capable of doing. Nothing more. To call what Anti-sec has done as "white-hat" is ridiculous. It's time the feds bring these guys in and they get to do time in Hanoi prisons.
post #80 of 113
The way this should have worked was this:
Quote:
Person who found vulnerability: "Hey Symantec, you have a vulnerability. You need to patch it"
Symantec: *patches vulnerability"
THE END

This is what happened:
Quote:
Person who found vulnerability: "Hey Symantec, you have a vulnerability. You need to patch it"
Symantec: *patches vulnerability"
AntiSec: We will post your source code now!
Symantec: We fixed the glitch!
Antisec: DONT CARE!!11! lulz
Symantec: How about 50k?
Antisec: NO! *shares source code*
Symantec: crap....
Poopscoop: ANTISEC ARE TEH GODZ!
OCN: /facepalm
Whitey
(10 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5-4670k Gigabyte Z87X-UD4H Geforce GTX 660 Corsair Vengence 2x4GB 
Hard DriveMonitorKeyboardPower
1TB WD Caviar Dell S2340M Logitech G710+ EVGA 650W 
CaseMouse
Corsaid 600T White  Mionix Avior7000 
  hide details  
Whitey
(10 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5-4670k Gigabyte Z87X-UD4H Geforce GTX 660 Corsair Vengence 2x4GB 
Hard DriveMonitorKeyboardPower
1TB WD Caviar Dell S2340M Logitech G710+ EVGA 650W 
CaseMouse
Corsaid 600T White  Mionix Avior7000 
  hide details  
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
This thread is locked  
Overclock.net › Forums › Industry News › Software News › [CW] AntiSec leaks Symantec pcAnywhere source code after turning down $50k bribe to not release source code