[Dailydave] This guy cracks me up.

Daniel daniel at ugc-labs.co.uk
Wed Sep 6 10:44:56 EST 2006 

And it keeps on rolling...

http://www.smallworks.com/




On 6 Sep 2006, at 05:33, johnny cache wrote:

>>> So, anyone else out there think im an idiot doing a dis-service  
>>> to the entire
>>> computer security industry?
>
>> Since you asked... "Idiot" is a _little_ harsh. You and DM have  
>> joined
>> Eric Brandwine, Todd MacDermid, and to be fair, Dino Dai Zovi* on my
>> very short list of "people who fucked me out of precious Black Hat
>> Briefings time by misrepresenting their talk", and I _really_ didn't
>> appreciate that.
>
>> What useful info did you present? I can summarize it in a small  
>> number
>> of bytes without forking out thousands of dollars and flying to  
>> Vegas:
>> "wifi drivers are porrly written. I can exploit them - trust me.  
>> Here's
>> a home video of David supposedly doing it." Had I known, I'd have
>> watched Kevin Mandia's incident response talk.
>
> Sorry to hear you didn't get much out of my talk. although no one  
> thinks
> this is nearly as cool as this code execution stuff, I did spend  
> quite a lot
> (say half?) of the time speaking about fingerprinting 802.11 device  
> drivers.
>
> The reason being if you have a wifi device driver  exploit, knowing  
> the device
> driver and or driver version is very important. If anyone is
> interested in this, I am looking for beta
> testers for the  code. Shoot me an email. I should emphasize that this
> code is not easy to use,
> and will not pop up a cool display showing all the cards in the area
> and their device drivers.  Emphasis on beta.
>
>
>> I save some blame for Jeff Moss for approving your non-presentation.
>> After the Fnord kmod fiasco he promised that there would never  
>> again be
>> talks where the code or information was unavailable. Oops.
>
> I amjust not sure what people want. Have you ever been to a talk at  
> any
> conference that was just a walk through of a single bug? There are  
> places that
> you can go to get this, and  it's generally called training, not a  
> talk.
>
> We also spent some time talking about how to write a fuzzers. Since  
> the
> last thing I want to do right now is find any more device driver bugs,
> here's a copy
> of the lastest svn of airbase. It contains fuzz-e in the tools
> directory.  Consider it
> compensation for wasting your time during BH.
>
> Anyone else who wants a slice of the wonderful wi-fi device driver bug
> pie no longer
> even needs to write code. They just need to get lucky running mine,  
> and dig
> into some crash dumps.  Just don't expect any tech support. It's a
> bitch to set up.
>
> http://www.802.11mercenary.net/~johnycsh/prone_to_deletion/airbase- 
> svn-84.tar.gz
> -jc
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave

More information about the Dailydave mailing list