Debian Bug report logs - #497789
security bug on iceweasel

version graph

Package: iceweasel; Maintainer for iceweasel is Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>; Source for iceweasel is src:iceweasel.

Reported by: "Micaela Gallerini" <mat.r.gl@gmail.com>

Date: Thu, 4 Sep 2008 10:45:02 UTC

Severity: critical

Found in version 2.0.0.16

Done: Christoph Berg <myon@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#497789; Package iceweasel. Full text and rfc822 format available.

Acknowledgement sent to "Micaela Gallerini" <mat.r.gl@gmail.com>:
New Bug report received and forwarded. Copy sent to Eric Dorland <eric@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Micaela Gallerini" <mat.r.gl@gmail.com>
To: submit@bugs.debian.org
Subject: security bug on iceweasel
Date: Thu, 4 Sep 2008 12:43:09 +0200
[Message part 1 (text/plain, inline)]
Package: Iceweasel
version: 2.0.0.16
Severity: critical

Using an active sniffer a lamer can spoof, partially or completely,
browser windows like in the images attachement, in the images there is
a spoofing attack on two different website
This happens because in the website programmed in falsh and using
shockwave the browser fails to execute the command

fscommand

iceweasel don't know it and therfore it don't execute the command.
This, however as strange, also creates another more serious problem of
spooffing window that is the control of the window because this flaw
and using a sniffer running, the lamer can do a complete check-up is
on what the user use or navigation of users, as described by my log
below.
Not only that, the browser you can get as it happened to me (see log
below) to make enumerations on your system with the consequent problem
of making insecure anything, command or otherwise made by the user.
unfortunately I can't send e-mail logs wireshark that identifies
exactly the problem, but if you request me I can send a picture
because you verify the attacks are really, and then I put the figure
below.


Network log

					
						
20/08/08	20.00	7	192.168.1.2	192.168.1.7	BROWSER	Local MASTER, NUR,
Workstation, Server, Print Queue Server, Xenix Server, NT workstation,
NT Server, Master Browser, unknown server type:23


20/08/08	20.00	8	192.168.1.2	192.168.1.7	BROWSER	Domain/workgroup
Announcement (MY USER), NT workstation, Domain Enum


Suggest: insert a procedure that correct the error on fscommand and to
avoid DoS or spooffing or another attack at the system is possible
insert a procedure that know a external package request  that arrive
from another person that the section browser.
I explain better, if I surf on

www.debian.org

the browser can know that all package arrive from

www.debian.org

and not from another ip. if arrive a different ip package the browser
reject it without close the section browser.

I use Debian 4.0 (etch)

best regards,

-- 
Micaela Gallerini
[gla2.png (image/png, attachment)]
[tw7.png (image/png, attachment)]
[tw4.png (image/png, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#497789; Package iceweasel. (Tue, 21 Oct 2008 19:54:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ivan Baldo <ibaldo@adinet.com.uy>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. (Tue, 21 Oct 2008 19:54:04 GMT) Full text and rfc822 format available.

Message #10 received at 497789@bugs.debian.org (full text, mbox):

From: Ivan Baldo <ibaldo@adinet.com.uy>
To: Micaela Gallerini <mat.r.gl@gmail.com>
Cc: 497789@bugs.debian.org
Subject: Does it still happens?
Date: Tue, 21 Oct 2008 17:51:05 -0200
   Hello.
   I didn't understand anything of what you said, I am not a security 
expert anyway, and I am not a maintainer of this packages.
   But anyway, the problem exists in the new Etch version 2.0.0.17-0etch1?
   And does it exist in Lenny 3.0.3-2?
   Thanks for your help.
   Bye.

-- 
Ivan Baldo - ibaldo@adinet.com.uy - http://ibaldo.codigolibre.net/
From Montevideo, Uruguay, at the south of South America.
Freelance programmer and GNU/Linux system administrator, hire me!
Alternatives: ibaldo@codigolibre.net - http://go.to/ibaldo





Reply sent to Christoph Berg <myon@debian.org>:
You have taken responsibility. (Sat, 25 Oct 2008 12:36:09 GMT) Full text and rfc822 format available.

Notification sent to "Micaela Gallerini" <mat.r.gl@gmail.com>:
Bug acknowledged by developer. (Sat, 25 Oct 2008 12:36:10 GMT) Full text and rfc822 format available.

Message #15 received at 497789-done@bugs.debian.org (full text, mbox):

From: Christoph Berg <myon@debian.org>
To: Micaela Gallerini <mat.r.gl@gmail.com>, 497789-done@bugs.debian.org
Subject: Re: Bug#497789: security bug on iceweasel
Date: Sat, 25 Oct 2008 14:32:56 +0200
[Message part 1 (text/plain, inline)]
Re: Micaela Gallerini 2008-09-04 <b07a9ae00809040343r4d87e6c1le48c943073e3f4e3@mail.gmail.com>
> Using an active sniffer a lamer can spoof, partially or completely,
[...]
> I explain better, if I surf on
> 
> www.debian.org
> 
> the browser can know that all package arrive from
> 
> www.debian.org
> 
> and not from another ip. if arrive a different ip package the browser
> reject it without close the section browser.

Hi,

I'm not sure if my quote snipping summarized your problem correctly.
What I got was that you are concerned about IP spoofing, where the
spoofed packets come (possibly?) from a different source.

Networking issues are not a browser problem. If you are concerned
about that, only use web sites that use SSL, IP/SEC, or the like.
There's nothing that could be fixed in iceweasel.

Christoph
-- 
cb@df7cb.de | http://www.df7cb.de/
[signature.asc (application/pgp-signature, inline)]

Message #16 received at 497789-done@bugs.debian.org (full text, mbox):

From: "Micaela Gallerini" <mat.r.gl@gmail.com>
To: 497789-done@bugs.debian.org
Subject: Re: Bug#497789: security bug on iceweasel
Date: Sat, 25 Oct 2008 17:36:17 +0200
2008/10/25, Christoph Berg <myon@debian.org>:

>  Hi,
>
>  I'm not sure if my quote snipping summarized your problem correctly.
>  What I got was that you are concerned about IP spoofing, where the
>  spoofed packets come (possibly?) from a different source.
>

no, it's not correct you say.
What I am, it's only an example.
The problem is not an IP spooffing but you read more better

windows spooffing.

It's much different one thing or the other.

Look the picture I attach you, is not a IP spooffing it's a WINDOWS spooffing.


>  Networking issues are not a browser problem.

It's a browser problem:

1) if this succeed only on iceape or iceweasel, and not in other browser is a

browser problem

not a my network problem.

2) if the sniffer say that's a browser problem is a browser problem not my.
Read the sniffer, please.

> If you are concerned
>  about that, only use web sites that use SSL, IP/SEC, or the like.
>  There's nothing that could be fixed in iceweasel.
>

If you don't know what it's must fix it's not said that it's not fix
in absolute.

The sniffer said much claire, like all my tests.

And then, I know like use SSL and IP/SEC connection, also this not
solved the problem, but who don't know like use these connection?

And then, if nothing it's to fix in iceweasel, why I would use and SSL
or IP/SEc connection? it's not logic like speech.

Afterword, the browser is to fix, if you don't know what and where fix
it's another problem.

Thanks and best regards.

-- 
Micaela Gallerini




Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#497789; Package iceweasel. (Sat, 25 Oct 2008 20:33:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luca Bruno <lucab@debian.org>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. (Sat, 25 Oct 2008 20:33:04 GMT) Full text and rfc822 format available.

Message #21 received at 497789@bugs.debian.org (full text, mbox):

From: Luca Bruno <lucab@debian.org>
To: "Micaela Gallerini" <mat.r.gl@gmail.com>
Cc: 497789@bugs.debian.org
Subject: Re: Bug#497789: security bug on iceweasel
Date: Sat, 25 Oct 2008 22:32:14 +0200
[Message part 1 (text/plain, inline)]
Ciao,
sembra esserci stata qualche incomprensione riguardo la segnalazione
iniziale, per cui non riesco a capire dalla tua prima mail in
inglese i dettagli del problema (e come me anche Christoph).

Ti chiederei quindi di esporre più dettagliatamente in italiano il
problema che hai riscontrato, così che mi/ci sia più facile capire di
cosa si tratta. In particolare sotto quali condizioni hai riscontrato
il problema e in cosa consiste l'attacco alla sicurezza. Le schermate
che hai allegato possono essere interpretate in diverse maniere, quindi
mi piacerebbe anche avere un commento sul dettaglio fondamentale che
ciascuna cerca di evidenziare.
Inoltre non ho colto il passaggio tra il problema del plugin flash e
quel che tu descrivi come sniffing e spoofing; ti spiacerebbe
illustrarmelo meglio?

Grazie, Luca

(Basically asking for a more complete report in Italian, hoping that's
easier to understand)

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.    | lucab (AT) debian.org
`. `'`  			| GPG Key ID: 3BFB9FB3
  `-     http://www.debian.org 	| Debian GNU/Linux Developer
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#497789; Package iceweasel. (Sun, 26 Oct 2008 16:33:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Micaela Gallerini" <mat.r.gl@gmail.com>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. (Sun, 26 Oct 2008 16:33:06 GMT) Full text and rfc822 format available.

Message #26 received at 497789@bugs.debian.org (full text, mbox):

From: "Micaela Gallerini" <mat.r.gl@gmail.com>
To: "Luca Bruno" <lucab@debian.org>
Cc: 497789@bugs.debian.org
Subject: Re: Bug#497789: security bug on iceweasel
Date: Sun, 26 Oct 2008 17:31:53 +0100
buongiorno,

      si avvisa che la presente è stata scritta senza polemica di sorta.

Il 25/10/08, Luca Bruno<lucab@debian.org> ha scritto:
> Ciao,
>  sembra esserci stata qualche incomprensione riguardo la segnalazione
>  iniziale, per cui non riesco a capire dalla tua prima mail in
>  inglese i dettagli del problema (e come me anche Christoph).
>

questo è probabile, ma se non si è capito basta dire "I misunderstood,
can you rephrase please?", che mi sembra più corretto nei rapporti
interpersonali che non un "non c'è nulla da fissare in iceweasel" che
è quello che mi è stato detto e che mi fa sembrare non solo stupida ma
pure visionaria e dato il log dello sniffer e le immagni inviate non
mi sembra che non vi sia un baco in iceweasel.
Quindi se dobbiamo parlare parliamo in modo corretto per cortesia, mi
sembra il minimo tra informatici adulti, poi se dobbiamo far passare
le persone per stupide e dire che non ci sono bachi e che il problema
sta tra la sedia ed il video, come fanno in una nota società
informatica closed source, facciamo pure.
questo per quanto riguarda il messaggio del sig. Crhistoph.

>  Ti chiederei quindi di esporre più dettagliatamente in italiano il
>  problema che hai riscontrato, così che mi/ci sia più facile capire di
>  cosa si tratta. In particolare sotto quali condizioni hai riscontrato
>  il problema e in cosa consiste l'attacco alla sicurezza.

Chiedo scusa ho utilizzato un linguaggio tecnico di sicurezza
informatica corrente e in inglese tali attacchi si chiamano.

windows spooffing (spoffing delle finestre, che sono le immagini che
vi ho postato)

enumeration (le enumerazioni, vedi il log dello sniffer che è scritto
addirittura in italiano)

poi ce ne sono altre ma finirei per fare una lezione di sicurezza
informatica, ma non mi sembra questo il posto adeguato per le lezioni,
ho altri posto dove faccio questo regolarmente.

Scusa non capisco la frase "in quali condizioni hai riscontrato il problema"

provo comunque a rispondere.

non c'è un momento preciso in cui vi è questo attacco. Non dipende dal
sito in cui sono, visto che quello che ho postato è solo un esempio e
dalle immagini si nota perfettamente che un frame è stato staccato dal
sito, si vede una parte della finestra sottostante che non dovrebbe
essere visibile ed il frame che fluttua sulla finestra attiva è ben
visibile. (spooffing delle finestre). E non sono io a decidere quando
viene fatto l'attacco.
E comunque, se sapessi che dipendesse da un sito in particolare e non
da altri avrei contattato il webmaster del sito, invece succede anche
con le caselle di posta, gmail, yahoo, qualunque sito con frame.

> Le schermate
>  che hai allegato possono essere interpretate in diverse maniere, quindi
>  mi piacerebbe anche avere un commento sul dettaglio fondamentale che
>  ciascuna cerca di evidenziare.

Le immagini che ho allegato possono essere abbinate solo ed
esclusivamente ad uno

windows spoffing

in italiano se ti suona meglio

spooffing delle finestre

anche perchè i frame ancorati dei siti non si spostano da soli, vedi immagini.


>  Inoltre non ho colto il passaggio tra il problema del plugin flash e
>  quel che tu descrivi come sniffing e spoofing; ti spiacerebbe
>  illustrarmelo meglio?

è il plugin flash che ha un baco, il lamer utilizza la procedura
fscommand per accedere al browser, invia un qualunque comando al
sistema, anche a basso livello come mostrato nel log dello sniffer
perchè le enumerazioni avvengono a basso livello e non di certo ad
alto, ed effettua spoofing delle finestre, attacchi DoS, attacchi
DDoS, enumerazioni, blocchi dello schermo, blocco di xorg o altro
ancora, sono infinite le possibilità una volta acceduto da browser al
sistema.
Perchè succede?
Perchè il sistema vede una richiesta dal browser e dice "è
un'applicazione fidata, arriva dal browser, è mio amico il browser" ed
ecco che cede le difese e dice "prendi pure tutto quello che vuoi,
caro" peccato che non è il browser a chiederlo.
Ecco perchè vi ho suggerito, oltre alla risoluzione del baco, di
aggiungere una procedura che identifichi l'ip del pacchetto entrante
in modo che se non arriva dal sito attivo in quel momento la procedura
lo blocca in automatico e si prevengono in sostanza qualunque tipo di
attacco.
Ossia, attivo la navigazione entrando in (esempio):

www.debian.org

il pacchetto parte ed arriva al mio browser, visualizzo il sito.
Il pacchetto ritorna ad internet, mentre ciò accade il lamer prende il
pacchetto lo spooffa e cerca di rimandarmelo indietro.
Se ho la procedura che ho descritto prima, il browser identifica che
l'ip del pacchetto spooffato non arriva dal sito originale
(www.debian.org), ma da un altro ip.
Il browser blocca il pacchetto spooffato in arrivo e rigetta indietro
il pacchetto al mittente.
Il pacchetto reale e vero dovrebbe ritornarmi indietro regolarmente
una volta che il pacchetto finto è stato bloccato.

Cordialmente

Micaela Gallerini




Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#497789; Package iceweasel. (Sun, 26 Oct 2008 18:36:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Luca Niccoli" <lultimouomo@gmail.com>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. (Sun, 26 Oct 2008 18:36:04 GMT) Full text and rfc822 format available.

Message #31 received at 497789@bugs.debian.org (full text, mbox):

From: "Luca Niccoli" <lultimouomo@gmail.com>
To: 497789@bugs.debian.org
Subject: Fake?
Date: Sun, 26 Oct 2008 19:32:38 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Look on Google for the name of the submitter.
I suspect we should consider this bug a deliberate fake.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkEt7sACgkQ4OR+1T4ba9igIACfXLjKb2///MFnI05ei9ZEUDR5
36gAoIih+DEy5C8asJVlE03wlasSgQsS
=fJ6m
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#497789; Package iceweasel. (Sun, 26 Oct 2008 20:21:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Eric Dorland <eric@debian.org>:
Extra info received and forwarded to list. (Sun, 26 Oct 2008 20:21:02 GMT) Full text and rfc822 format available.

Message #36 received at 497789@bugs.debian.org (full text, mbox):

From: Eric Dorland <eric@debian.org>
To: Luca Niccoli <lultimouomo@gmail.com>, 497789@bugs.debian.org
Subject: Re: Bug#497789: Fake?
Date: Sun, 26 Oct 2008 16:18:23 -0400
[Message part 1 (text/plain, inline)]
* Luca Niccoli (lultimouomo@gmail.com) wrote:
> Look on Google for the name of the submitter.
> I suspect we should consider this bug a deliberate fake.

What makes you think so?

-- 
Eric Dorland <eric@kuroneko.ca>
ICQ: #61138586, Jabber: hooty@jabber.com

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#497789; Package iceweasel. (Mon, 27 Oct 2008 00:57:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Luca Niccoli" <lultimouomo@gmail.com>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. (Mon, 27 Oct 2008 00:57:02 GMT) Full text and rfc822 format available.

Message #41 received at 497789@bugs.debian.org (full text, mbox):

From: "Luca Niccoli" <lultimouomo@gmail.com>
To: "Eric Dorland" <eric@debian.org>
Cc: 497789@bugs.debian.org
Subject: Re: Bug#497789: Fake?
Date: Mon, 27 Oct 2008 01:56:12 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Oct 26, 2008 at 9:18 PM, Eric Dorland <eric@debian.org> wrote:

> What makes you think so?

The mail written in italian is almost as incomprehensible as the one
written in english (and a bit insulting as well), so I started
doubting and I googled for the name:
the first page returned is titled "Micaela Gallerini = troll, ignore her."
In [1] she shows a quite superficial understanding of networks, but in
this bug report she pretends to be a security expert.
But now I double checked a lot of threads about her problems with
debian, and I'm wondering whether she is making it up or she just has
some kind of conf problem with her system and she thinks it's
iceweasel's fault.
Anyway, I suggest Micaela to provide a proof of concept exploit, a
known malicious website, or better technical details about the bug, so
that we can understand what the problem, if any, is.
She can write in italian, I'll be glad to translate.
Regards,
Luca

[1]  http://lists.debian.org/debian-user/2008/07/msg00374.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkFEZ4ACgkQ4OR+1T4ba9hcDgCcDu63yGxs37GglgN2U9DvqERw
GYIAmwVGTN8f4JOE6nNqOvGava2kZUtr
=hrLc
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#497789; Package iceweasel. (Mon, 27 Oct 2008 10:42:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luca Bruno <lucab@debian.org>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. (Mon, 27 Oct 2008 10:42:05 GMT) Full text and rfc822 format available.

Message #46 received at 497789@bugs.debian.org (full text, mbox):

From: Luca Bruno <lucab@debian.org>
To: 497789@bugs.debian.org
Cc: "Luca Niccoli" <lultimouomo@gmail.com>, Christoph Berg <myon@debian.org>
Subject: Re: Bug#497789: security bug on iceweasel
Date: Mon, 27 Oct 2008 11:38:48 +0100
[Message part 1 (text/plain, inline)]
Firstly, a rough translation of the previous mail for non-Italian
readers: 
She doesn't like the fact that the report was closed as
not-a-bug, stating that there are enough elements to prove it.
The first point here is that she says that new "fake" windows/frames
hijacked the workspace, interpreting that as a window spoofing attack
[1]. She adds that it isn't related to single rogue site, but it
happens on all sites with frames (citing gmail, yahoo, and various
other webmail).
The second issue she reports (maybe related) is that the flash
call fscommand() could be not safe, letting a malicious app the ability
to invoke program on the target host (in the first mail she report part
of the log of a network sniffer, during a SMB domain enum).
She suggest to fix the bug and implement an ip-based filter to avoid
the attack (here descibed as a mix of Man-in-the-middle and
tcp-connection injecting by a third party host).

Then my comments:
Firstly, the SMB enum is completely unrelated to this report, and I
think the reporter just mixed what is an internal SMB traffic with
which is usually called resource enumeration on an attacked host.
Then, the part regarding the ip-source check could be ignored, as she's
probably missing some fundamentals on the protocol (ie. here there
isn't any injection at tcp-level).

Coming back to browser issue, this is clearly a mixture of flash/swfdec
behavior and iceweasel own rendering. Judging from the screenshot, she's
using swfdec; looking at the source, both swfdec and gnash doesn't
fully support fscommand(), but only a minor and safe subset (ie. "quit"
and such). So actually this shouldn't pose a security problem (it
could be relevant with the proprietary plugin, though I can't really
say if fscommand() works without limits on linux, and what we could do
for that). Secondly, I won't say she's experiencing a window spoofing
attack. The only thing I can desume from the screenshot is a probably
"strange" rendering and disposition of some iframed sites, which could
be due to the embedded flash object, plus two unnamed windows which
should be something external (swf object players or such). I really
doubt that an intelligent user could be tricked this way by a
specifically crafted website (or, anyway, we can't do much more to
technically fix a human problem).

Many details of the report are anyway obscure, so I had to add some own
assumptions and interpretations to reach those conclusion. More details
and specific info are welcome, if I've missed some points.

I would agree with Cristoph closing this report as it isn't a bug in
iceweasel, nor in any free flash player.

In the end, I would agree with Luca, as I've already meet her on many
mailing (eg. debian-italian, cc-italian, debian-user both under her
real name and the nickname heba) and she has already proven to a be a
mixture of uncollaborative troll and an egocentric security paranoid
person, who is laking deep knowledge on certain fields and tends to
correlate unlinked events to describe them all as a security attack
in place (I could link previous threads here, but this isn't the main
point of the bug report). Her second mail in italian was almost confuse
as the first english one, plus adding some sarcastic comments that I
personally didn't like (but I won't really engage an harsh discussion
here).

Nonetheless, I tried to be objective and inspected the issue
from a neutral POV. Eric, please read all the above comments and decide
by yourself.

Cheers, Luca

[1] http://www.mikx.de/firespoofing/

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.    | lucab (AT) debian.org
`. `'`  			| GPG Key ID: 3BFB9FB3
  `-     http://www.debian.org 	| Debian GNU/Linux Developer
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#497789; Package iceweasel. (Sun, 09 Nov 2008 09:03:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Micaela Gallerini" <mat.r.gl@gmail.com>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. (Sun, 09 Nov 2008 09:03:03 GMT) Full text and rfc822 format available.

Message #51 received at 497789@bugs.debian.org (full text, mbox):

From: "Micaela Gallerini" <mat.r.gl@gmail.com>
To: 497789@bugs.debian.org, lultimouomo@gmail.com
Subject: re: fake? (partially OT)
Date: Sun, 9 Nov 2008 10:00:25 +0100
Luca Niccoli wrote:

> Look on Google for the name of the submitter.
> I suspect we should consider this bug a deliberate fake.

Mr. Niccoli, prove it in a court that I'm a troll, please, because the
evidence to bring to court even with regard to this security bug will
be clear in any court in the world and Mr. Bruno should know perfectly
well that what I brought is perfectly regular, which is an actual
proof that a judge may judge and support as evidence tested in court.
Now if the aim is to defame me, was already doing a good job in the
Italian lists can go back there, thank you.
In Italy are so stupid that you believe everyone.
No offense Mr. Bruno, but I think that the positions taken are very
clear that no one is ever allowed to deny those people, but has always
supported what they were saying to the detriment of many people, not
only with regard to my person, but for much people.
Although this reason alone to me in everything I said on my website
warning against these lamer running for italian lists and website.

Now, Mr. Niccoli if a courtesy to say something useful to the
discussion and resolution of the security bug of the topic, please
behave properly and expresses your ideas on data so as technical
experts have made above, otherwise I can only say that only a lamer
have an advantage or that the security bug will not be resolved,
seeking excuses and excuses again also doing social engeeniring
certainly not lost the experts.

[ironic]
Naturally, however, I'm a troll and rightly so I invented my pictures
posted because those do not exist, those sites do not exist and frame
not moving. The log of sniffer I have also invented what is not true I
wrote it myself manually, but sin that a person does not assume the
Debian has seen the original log and can testify that it is bogus.
Namely the attack happened really, ah...yes, this person don't exist[/
ironic]

I apologize for the OT, but if I was unfairly accused at least let me
do not defend like that in Italy I will step up his mouth in favor of
certain people, giving reason in the eyes of others that seek Internet
newbie on google (because there is only one search engine according to
them) and take the first topic that are around, because the people and
not IT experts (experts because they know perfectly what can cause the
Internet to understand and know who is really a troll from whom no )
They see that nobody says anything then it is true that some tramer
(troll+ lamer) going to say about the lady.

But seen way things are going, I will report back to Italy for
defamation anyone show or topic that you will report to that topic
posted by a tramer (troll + lamer) and that will continue and will
support this claim without having evidence of what it says .
When I try, I intend to try to bring proven in court, as I will have
every single word on the internet, on my site or in the various lists,
forums or foreign sites, or other open source projects.

I apologize again, but public response to public accusation and given
that no one defends me I am defending itself.

-- 
"The stupid believe ever in a stupid"
Rashna
Micaela Gallerini




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 08 Dec 2008 07:32:50 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 10:04:52 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.