Tell me this didn’t go live and get installed on anyone’s system
Sounds like a reasonable response to a bad faith actor.
An entire institution banned thanks to these guys.
Sounds kinda excessive and at the same time adequate.
I imagine they don’t want the possibility of the researcher just getting a new academic email and continuing to do it. Also, it forces the university to react, since the researcher clearly isn’t willing to stop, judging by their responses.
I’ve been reading the messages and it’s totally embarrassing. I can’t believe someone is messing with a kernel installed on thousands of millions of devices just to create an academic paper.
TWICE, they were trying to do it AGAIN.
Based and Tuxpilled
Here’s the researcher’s response:
https://lore.kernel.org/linux-nfs/YH%2FfM%2FTsbmcZzwnX@kroah.com/
And the paper that started it:
https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
Judge for yourself, but I definitely don’t think it’s a good look.
University of Minnesota issued a statement: https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021
Probably a good idea to subscribe to this issue: https://github.com/QiushiWu/qiushiwu.github.io/issues/1
The first rule of pentesting is to get goddamn permission before you exploit something. Come to think of it, what they did is probably federally illegal under computer abuse law.
I have no idea what happened, I just know it was brutal. Damn.
Hot damn! I don’t know the specific patches, but according to the email (tl;dr) a team at University of Minnesota was submitting patches they knew were broken to “test” how the kernel team responded. They had apparently published papers on it.
Link tells whole story. They submitted buggy patches to see how devs would react and published a paper on it. Now, they submitted buggy patches again.
So they were being either extremely stupid or extremely rotten by continuing to give the kernel devs more work debugging bad code?
Giving others work and making them look bad if they fail to spot errors, for personal academic gain. Yes, extremely rotten.
Don’t know how ethics committees work in the US, but this is the thing that should never be allowed to pass them.
Oh hey, yours went through as I was typing, my bad.
No problem, mate.