Re: [Full-disclosure] owning ubuntu apt-key net-update (maybe apt-get update related)

[GloW - XD <doomxd@xxxxxxxxx>]

Aha, sounds like typical (unfortunately), the case of the 'sads' on Ubuntus
behalf.
 This is what unfortunately stops somany people from reporting, just that
BIT of acknowledgemnt, even just a thanks on theyre webpage, but instead
they people think "oh well, this guy has probably raped 5000 boxes then
given us this" , it must be the approach of some companies, or they have
very pathetic secteams, (in ubuntus cause, -no comment rofl).
anyhow thx for clearing that up.
cheers,
xd


On 24 September 2011 01:00, Georgi Guninski <guninski@xxxxxxxxxxxx> wrote:

> On Fri, Sep 23, 2011 at 06:32:10AM +1000, GloW - XD wrote:
> > So, this is an exploit then ? Or just a broken package ? Some people
> would
> > simply not understand that,your very techy :P
> > Anyhow, making a small .sh file for the bug would be cool.. if there is a
> > bug to be had.
> > cheers
> >
> >
>
> hi GloW,
>
> the bug appears real to me. ubuntu released an advisory [1]
> and debian have a bug [2].
>
> ubuntu's advisory moderately hurt my narcissistic ego
> by not mentioning my humble name :(
>
> i suppose they have a corporate policy to give credit to "whores only"
> (this might be checked by examining which distros give credit
> and which write ``it was discovered'')
>
> as a minor boost to my narcissistic ego, ubuntu's advisory
> didn't contain CVE(R) ID :)
>
> next time ubuntu hurt my narcissistic ego, i will try the black market for
> the bug.
>
>
> [1]
> https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001424.html
> [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
>
> --
> joro
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/