The first rule of pentesting is to get goddamn permission before you exploit something. Come to think of it, what they did is probably federally illegal under computer abuse law.
this post was submitted on 21 Apr 2021
64 points (100.0% liked)
Linux
56077 readers
573 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 6 years ago
MODERATORS
Here's their response:
https://lore.kernel.org/linux-nfs/YH%2FfM%[email protected]/
And the paper that started it:
https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
Judge for yourself, but I definitely don't think it's a good look.
University of Minnesota issued a statement: https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021
Probably a good idea to subscribe to this issue: https://github.com/QiushiWu/qiushiwu.github.io/issues/1
An entire institution banned thanks to these guys.
Sounds kinda excessive and at the same time adequate.
I imagine they don't want the possibility of the researcher just getting a new academic email and continuing to do it. Also, it forces the university to react since the researcher clearly isn't willing to stop judging by their responses.
I've been reading the messages and it's totally embarrassing, i can't believe someone is messing with a kernel installed on thousands of millions of devices just to create an academic paper.
TWICE, they were trying to do it AGAIN.
Sounds like a reasonable response to a bad faith actor.
Based and Tuxpilled
I have no idea what happened, I just know it was brutal. Damn.
Link tells whole story. They submitted buggy patches to see how devs would react and published a paper on it. Now, they submitted buggy patches again.
So they were being either extremely stupid or extremely rotten by keeping giving the kernel devs more work debugging bad code?
Giving other work and making them look bad if they fail to spot errors to personal academic gains. Yes, extremely rotten.
Don't know how ethics committees work on US, but this is the thing that should never be allowed to pass them.
Tell me this didn't go live and get installed on anyone's system
I'm guessing they're forcing the hand of the university to do something about it, and then will unban the university except the few who worked on the patches.
They don't want to bother investigating/punishing so they expect the university to do it for them.
It would seem unfair to ban the whole university forever.