Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 9 Mar 2017 05:38:04 -0500
From:      grarpamp <grarpamp@gmail.com>
To:        freebsd-security@freebsd.org
Cc:        freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org
Subject:   Re: WikiLeaks CIA Exploits: FreeBSD References Within
Message-ID:  <CAD2Ti29qm-JK6RR0HpY+gpvpXwFcGRTJp7F6acWW0sN1H-KwBA@mail.gmail.com>
In-Reply-To: <86innjojfb.fsf@desk.des.no>
References:  <CAD2Ti28acbW+pGQR5UihECWvg9WduGmVzkVFug_2ZWRF2zyTBw@mail.gmail.com> <86innjojfb.fsf@desk.des.no>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Wed, Mar 8, 2017 at 10:52 AM, Dag-Erling Sm=C3=B8rgrav <des@des.no> wrot=
e:
> grarpamp <grarpamp@gmail.com> writes:
>> https://search.wikileaks.org/?q=3Dfreebsd
> That doesn't indicate a vulnerability.  Shell code is what you use to

Yep, sec folks are aware of the difference between
sample and exploit code, and vulnerabilities.
https://www.freebsd.org/security/advisories.html
http://shell-storm.org/shellcode/

The post wasn't meant to "indicate a vulnerability".
But as a heads up that maybe some might end up being
published there. On the other hand, there are countless eyes
on it, so OS vendors will find out in time,
even if they aren't eyeballing it themselves.

> legal advice

Let us all get legal advice before living, as it might entail risks ;)
Lots of sites offer a variety of advice for those facing risks.
Here are some related to employers, browsing, and law...
https://intelexit.org/ https://www.youtube.com/watch?v=3DfklxuoBXXqw
https://www.torproject.org/ https://geti2p.net/
https://www.eff.org/
IANAGPA, but they do exist.

(Btw, the pentest turned out to be old Nessus and Metasploit stuff.)



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?CAD2Ti29qm-JK6RR0HpY+gpvpXwFcGRTJp7F6acWW0sN1H-KwBA>