Date: Mon, 16 May 2005 18:05:13 +1000
From: "Drew B. [Security Researcher and Analyst]." <d4rkstorm@gmail.com>
To: freebsd-security@freebsd.org
Subject: RE: oh foobar!
Message-ID: <245f0df105051601053ecacb0e@mail.gmail.com>
Hello list,

Just one thought: if you had a 'package verify' function, which automatically installs itself and updates itself on any major update (a built-in feature, possible for a future build), then that alone would eliminate multiple packages, of which sometimes they have bad components left behind. I have seen a similar idea in the ports/vulnerability-test-port. I think this is a root problem: if you disabled ALL users (well, at least make a stern admin warning, and log the install that was proceeded with for root users to PoC etc., to trackback or monitor), then you can't get any multiple installs, unless you are using OLD CDs. In which case, as I am uninformed in fBSD it seems (but then I think we are all misinformed, the users that is, that fbsd is extremely secure and well to manage, hence making an admin/user think the box is almost indestructible; it is impossible with Opensource, and now it is being torn apart, as duly all things do in time I guess).

There just seems to me that I am seeing a lot of fbsd-related exploitation, unlike 10 or so years ago, when yes, unix was compromisable, but usually by a brute force on a 'god' pass ;).

I am now going to remain idle, and am even leaving the online world, to concentrate on more important things, like getting a job :). So good luck to you all. I will still remain here, I just will not be very public anymore; it seems I may be upsetting the higher echelons of fBsd. I can see my firewall ya know ;). And I dislike what I see, when all I really did was report a problem I had myself, and someone I know still has. I am here to only have that addressed; watching the rest of this list function has shown me how weak your security is. Yea sure, you might have a nametag (just like "expert" ;), but nowadays that don't mean jackshit, and if my machines are going to be annoyed about it, I would rather just d/c and move my stuff.
You are the O/S so-called bosses and so@freebsd.org; well, I don't recall EVER seeing it, so I must be just hopeless, ey! Anyhow, I mean no mis- or mal-intent, never did. I warned I was looking into something in my first post here, then received criticism in public from @freebsd.org .. pfft.. ridiculous. Out of ALL the words I wrote, all that the person could see was 'expert' ... wow.. congrats! You picked a silly signature error for me.

As I am saying.. basically, watching the way this is happening after posting a 'request' has made me sick of ever posting any problems ever again to you. I find the unprofessionalism about a silly avatar ridiculous, considering one person managed to say that, and 10 others in private (yes, PM! amazing thing that), they had at least positive things to say. Yes, people make accidents, I have a busy life, NOW not so :), but I just did not know of a security list running, and then another security officer; I assumed the so@ would be the security-list owner. So considering I have apparently been 'public' about something that is legal, well, this is how I am responding, and I will know that if you treat people this way, others also HAVE and will continue to leave.

Adios amigos (those that actually read things ;)

Regards,
Drew.

--------------------------------------------------------------------
Drew, the antichrist who reported a flaw.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?245f0df105051601053ecacb0e>