logs archiveBotHelp.net / Freenode / #2f30 / 2015 / August / 12 / 1
z3bra
http://raw.z3bra.org/dev/random/text-on-video.webm
i even put text on video
u like it?
Evil_Bob
https://lobste.rs/s/zy8psg/lenovo_laptops_shipping_with_bios-level_rootkit wow
FRIGN
https://lobste.rs/s/hntor3/no_you_really_can_t
holy sh*t
this article is exploding!
my karma went up like 20 points or sth
:D
Evil_Bob
the revolution has begun
https://lobste.rs/s/hntor3/no_you_really_can_t/comments/o6pj46#c_o6pj46
yes!
FRIGN
REVOLUTION NOW!
:)
going to bed
gn8!
:)
stateless
lol FRIGN replied to tedu
whatever u guys say, oracle sent patches to make pf smp aware on openbsd (sure they were not in a state to be merged but one day u will thank them)
also most ppl who advocate in favor of reversing have no clue how to do it
and those who can do not bother with license agreements
and ofc don't give a sh*t if it is a human right or not
this is only an issue if you are oracle's customers
so do not be customers
be internet cowboys instead
erethon
stateless: iirc the Greek army is using oracle for their dbs :)
stateless
how does that affect you?
:P
fu*k the greek army and fu*k oracle too
erethon
doesn't as long as my data isn't on that :P
stateless
good :P
I can see here in the DB, you crossed a red light in 1999
was that intentinal? this is strictly forbidden by the license agreement.
intentional*
erethon
Dunno about the "human right" part, I believe you're free to do w/e the hell you want with software/hardware/whatever you own (doesn't matter how they ended up in your possesion)
stateless
erethon, it doesn't matter what their license agreement says
erethon
but, if you've signed a license agreement that you won't do something and then you intentionaly breach that, you're asking for trouble. Just don't sign the license in the first place (aka don't become a customer as yu said)
stateless
it would only matter to us if we were using oracle products
erethon
yeap
stateless
if you just download oracle db and reverse it, no one gives a sh*t
you can do that all day if you want
and any seriously motivated person capable of finding genuine bugs in oracle's product will most definitely not report those vulnerabilities back to them
and no im not talking about people who put the bugs they've found on their CV
erethon
this could change if they had *serious* bug bounty program
stateless
if yes
and even then, selling to them will hurt your street karma
selling it*
lol
erethon
better than selling it to the exploit black market I guess
stateless
well, the worst you can do is to give it away
:P
the bug has to stay hidden
:P
do a sha1 on the .c file, post it on twitter
wait 10 years for someone to find the same bug and release the .c after 2 mins on some mailing list
point to the sha1
get all the fame + bi**h3z
:P
erethon
as long as the infosec community is split on full disclosure vs repsonsible disclosure, we won't see much improvement on the above
that's just for your street karma :P
stateless
yeah :P
erethon
imho, best course of action in these cases is full disclosure
but of course, very few people nowaways disclose important stuff when *insert company name here* pays them to report it privately to them
stateless
yeah
erethon, http://www.monkey.org/openbsd/archive/misc/0309/msg01234.html
those were the days
teso did it
they also had a telnetd before that
the sshd exploit was only released in binary form
erethon
"strings theosshucksass" LOL
stateless
haha
http://sprunge.us/HibO
http://sprunge.us/aOIU
#ifdef INSANE_MIND
:P
erethon
nowadays all remote exploits are written in ruby for msf :/
stateless
lol
http://sprunge.us/OfaF
real men write in C
(from 2009, remote root)
it is a kernel bug...
it had to be reliable or else you crash the remote kernel :P
erethon
then your exploit turned from a rce to remote dos :P
I recall playing around with sys_call_table when it wasn't read only (experimenting with rootkits), have no idea how modern stuff works. Should give it a go at some point
stateless
lol yes
oblique had written an article on how to do this in greek lol
https://github.com/oblique/articles/blob/master/kernel_mode_hooking/tutorial.greek.utf8.txt
lol
erethon
woo, don't recall ever reading a greek version of this. Although the nick oblique rings a bell
stateless
he is here :P
oblique, sup :P
erethon
yeah, noticed from the autocomplete. Meant it doesn't ring a bell apart from seeing his nick here :P
stateless
ah :P
dca7
http://vps.iotek.org:1337/
start typing sh*t
retard
that's fu*ked up
dca7
lel
retard
i'm getting some laffs
from this
dca7
of course at the exact moment when I show my gf's mom
« prev 1 2 3 next »