From: grarpamp
Date: Thu, 9 Mar 2017 05:38:04 -0500
Subject: Re: WikiLeaks CIA Exploits: FreeBSD References Within
To: freebsd-security@freebsd.org
Cc: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org
In-Reply-To: <86innjojfb.fsf@desk.des.no>

On Wed, Mar 8, 2017 at 10:52 AM, Dag-Erling Smørgrav wrote:
> grarpamp writes:
>> https://search.wikileaks.org/?q=freebsd
> That doesn't indicate a vulnerability. Shell code is what you use to

Yep, sec folks are aware of the difference between
sample and exploit code, and vulnerabilities.
https://www.freebsd.org/security/advisories.html
http://shell-storm.org/shellcode/

The post wasn't meant to "indicate a vulnerability".
But as a heads up that maybe some might end up being
published there. On the other hand, there are countless
eyes on it, so OS vendors will find out in time, even if they
aren't eyeballing it themselves.

> legal advice

Let us all get legal advice before living, as it might entail risks ;)
Lots of sites offer a variety of advice for those facing risks.
Here are some related to employers, browsing, and law...
https://intelexit.org/
https://www.youtube.com/watch?v=fklxuoBXXqw
https://www.torproject.org/
https://geti2p.net/
https://www.eff.org/
IANAGPA, but they do exist.

(Btw, the pentest turned out to be old Nessus and Metasploit stuff.)