> On Tue, May 06, 2014 at 02:32:16PM -0700, Chris Cappuccio wrote: > > Giancarlo Razzolini [grazzol...@gmail.com] wrote: > > > My gut feeling when I first read your message was that you're joking. > > > But, since it was a subtle joke, I got suspicious. Better to safe than > > > sorry. Anyway, I hardly believe the post is real. If they *at least* > > > offered to proof it, by exploiting any ip address provided, then it > > > would be a little more believable. > > > > Well you do have the exploit, after all. Proof it yourself. That's > > the whole reason it's called "Proof of Concept" > > speaking of which, anyone else notice that the 'total 227K' is suspiciously > less than the '236K icanhaze.c'? > > not like i know every detail of every filesystem ever made, but i haven't > been able to find one so far where an 'ls -lah' equivalent output of a dir > reports a size smaller than the largest file in the dir (or equivalent > block count).
Three points to make. 1) I love how the hash shows up in the process. Priceless. Gotta love PAM. 2) Someone could buy the bug, and give it to us. 3) Or someone could just donate to the OpenBSD Foundation, and we can try to arrange a hackathon specifically for OpenSSH development....
