Well, all I have to say is that it's real 0-day!<br><br><div><span class="gmail_quote">On 4/8/07, <b class="gmail_sendername">George Ou</b> <<a href="mailto:george_ou@lanarchitect.net">george_ou@lanarchitect.net</a>> wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Yeah, that's a stupid accusation against you, Raven. He was suggesting<br>somehow that if you get your machine owned then you can't be protecting
<br>other people's computers or something and that was really retarded. Yes he<br>WAS a troll.<br><br>As for Apple going to the press to humiliate you, that's very typical of<br>their PR operation. After the SecureWorks incident and after I spoke with
<br>their PR, I know them all too well. But even I'm shocked that they would<br>bring your boyfriend into this.<br><br>Thanks for taking the tough questions from the audience. Don't mind this<br>jerk and don't mind Apple. You have nothing to be ashamed of. Keep up the
<br>good work.<br><br><br>George Ou<br><br>-----Original Message-----<br>From: <a href="mailto:full-disclosure-bounces@lists.grok.org.uk">full-disclosure-bounces@lists.grok.org.uk</a><br>[mailto:<a href="mailto:full-disclosure-bounces@lists.grok.org.uk">
full-disclosure-bounces@lists.grok.org.uk</a>] On Behalf Of Raven Alder<br>Sent: Sunday, April 08, 2007 2:00 AM<br>To: <a href="mailto:full-disclosure@lists.grok.org.uk">full-disclosure@lists.grok.org.uk</a><br>Subject: [Full-disclosure] Security Researcher Not Particularly Humiliated
<br><br>Hiya --<br><br>> Security conference staff needs to do a better job of screening<br>> their audiences to prevent this sort of harassment during<br>> presentations. I must admit that I am afraid to present at future
<br>> conferences if there is the possibility of being humiliated like<br>> this during my talks.<br><br> As the researcher in question, I didn't feel particularly<br>humiliated. Sure, I thought the guy was a troll, but I figured that he
<br>was just being a jerk to me because he had some chip on his shoulder and<br>couldn't find anything to complain about in my talk. But really, his<br>big tac-nuke against me was that there was some undisclosed bug in
<br>Apple's code? That's hardly my fault. I don't write their OS, and the<br>thing was fully patched, firewalled, hardened, and still got popped.<br>Shit happens.<br><br> I didn't go public with it because I wanted a smoking gun first.
<br>Security is very much a "show me" industry, and I didn't want to make<br>claims that I couldn't substantiate. I did approach Apple, and they<br>pretty much blew me off. I sent them a detailed event report, offered
<br>up my system for forensic analysis, and offered to help in any way I<br>could. They went to the press, gave a reporter my name (I had not gone<br>to the press), and dished some crap about how I let my boyfriend use my
<br>computer and he probably did something to disable my firewall and cause<br>it to auto-own itself or something. Dude. My boyfriend does not have<br>admin permissions on my machine, for starters. Way to help, Apple.<br>
<br> After realizing that Apple were not my friends and were more<br>interested in their PR spin than they were in finding and fixing the<br>problem, I stopped talking to them. I had several OS X geeks have a<br>look at the system, and none of them were able to find anything more
<br>conclusive than I did. Forensics geeks, same thing. So, I dumped the<br>filesystem for posterity, vowed that no OS X box was going on a hostile<br>network again, and reformatted the thing.<br><br> Sorry, folks, but I'm not going to share my filesystem dump with
<br>people that I do not already know and trust. Don't even ask.<br><br> Not even if you're Apple. You leak my name to the press when<br>I'm trying to help you find your flaw, you get no more help from me.
<br><br> All of this is pretty irrelevant to the talk I gave. Still, I<br>don't feel that audience screening is the way to solve the problem -- I<br>don't want to quash honest questions and interest in the projects I'm
<br>working on, and I think any screening that wouldn't be trivially<br>defeated by lying-fu would be draconian enough to be detrimental to free<br>and open discourse. There are always going to be trolls. I think the
<br>audience and convention response was about as good as it could have been<br>-- the troll got told off by several people, two of them with the mike,<br>but it was pretty clear that most people were more interested in the
<br>technical content of the talk than they were in his effort to get my<br>goat. The conference organizers offered sympathy, and that was kind of<br>them; I believe the guy got pitched out of the con for going on to<br>
harass a few other folks too. Charming gent.<br><br> So, really, I don't think I have anything to be ashamed of, and<br>I certainly don't feel humiliated. I can see why getting ad hominem<br>questions might make getting up on stage more intimidating for future
<br>speakers, but I don't intend to let that shut me up. [grin]<br><br>Cheers,<br>Raven<br><br>--<br>@<br><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a><br></blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.goldwatches.com/watches.asp?Brand=39">http://www.goldwatches.com/watches.asp?Brand=39</a><br><a href="http://www.wazoozle.com">http://www.wazoozle.com
</a>