@AgreeableLandscape
mod
admin
2121d

The first rule of pentesting is to get goddamn permission before you exploit something. Come to think of it, what they did is probably federally illegal under computer abuse law.

@AgreeableLandscape
mod
admin
13
edit-2
21d

Here’s the researcher’s response:

https://lore.kernel.org/linux-nfs/YH%2FfM%2FTsbmcZzwnX@kroah.com/

And the paper that started it:

https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf

Judge for yourself, but I definitely don’t think it’s a good look.

Probably a good idea to subscribe to this issue: https://github.com/QiushiWu/qiushiwu.github.io/issues/1

@lorabe
1121d

An entire institution banned thanks to these guys.

Sounds kinda excessive and at the same time adequate.

@AgreeableLandscape
mod
admin
1021d

I imagine they don’t want the possibility of the researcher just getting a new academic email and continuing to do it. Also, it forces the university to react since the researcher clearly isn’t willing to stop judging by their responses.

@lorabe
921d

I’ve been reading the messages and it’s totally embarrassing, i can’t believe someone is messing with a kernel installed on thousands of millions of devices just to create an academic paper.

TWICE, they were trying to do it AGAIN.

@lordofbud
921d

Sounds like a reasonable response to a bad faith actor.

Based and Tuxpilled

@joojmachine
521d

I have no idea what happened, I just know it was brutal. Damn.

@otso
1821d

Hot damn! I don’t know the specific patches, but according to the email (tl:dr;) a team at University of Minnesota was submitting patches they knew were broken to “test” how the kernel team responded. They had apparently published papers on it.

Subversivo
1521d

Link tells whole story. They submitted buggy patches to see how devs would react and published a paper on it. Now, they submitted buggy patches again.

@joojmachine
921d

So they were being either extremely stupid or extremely rotten by keeping giving the kernel devs more work debugging bad code?

Subversivo
1421d

Giving other work and making them look bad if they fail to spot errors to personal academic gains. Yes, extremely rotten.

Don’t know how ethics committees work on US, but this is the thing that should never be allowed to pass them.

@otso
721d

Oh hey, yours went through as I was typing, my bad.

Subversivo
621d

No problem, mate.

wick3dr0se
220d

Tell me this didn’t go live and get installed on anyone’s system

Dreeg Ocedam
120d

I’m guessing they’re forcing the hand of the university to do something about it, and then will unban the university except the few who worked on the patches.

They don’t want to bother investigating/punishing so they expect the university to do it for them.

It would seem unfair to ban the whole university forever.

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

  • 0 users online
  • 14 users / day
  • 46 users / week
  • 139 users / month
  • 381 users / 6 months
  • 3368 subscribers
  • 901 Posts
  • 2613 Comments
  • Modlog