Full Disclosure mailing list archives

(no subject)

From: full-disclosure () lists netsys com (Matthew Murphy)
Date: Sun, 18 Aug 2002 09:51:02 -0500

[blah snip blah]

No, I mean the "discussion" over the values of our attackers, such as has
ensued from my initial post.  Generally to me, discussion = has some

value.

Some of the "discussion" here does not fit that criterion.  Just take a

flip

through the archives to discover this for yourself.


your idea of discussion seems rather insular.  i suggest broadening your
horizons.


Broadening my horizons to pointless, stupid "discussion" (more like childish
name calling most of the time) serves no purpose for me or anybody else
here.

I frankly am not interested in learning about the values of our phrack
friends
and I could care less.  I get more useless junk from the e-mails about

the

junk mail than the junk mail itself (which Outlook Express so nicely

deletes

for me now).  The only thing it has to do with security is the target of

the

junk mail.

whitehat using outlook express.  hehe, gotta love the irony in life.


Your point?  OE was free, and came installed on my machine (which was
important on my 28.8 kbps connection, which I have happily ditched now),
it's fast, and actually, OE 6 makes some nice security/privacy improvements
over previous versions, and I can access Hotmail from it, which is a plus.
Actually, if you keep your client patched (which us pretty easy with a
couple of apps named "wuauboot.exe" and "wuauclt.exe" from Microsoft that
*also* came conveniently installed as "Windows Update Automatic Update"),
and you have enough common sense not to go double clicking on every other
attachment you receive, OE is just as good as (and usually better than) many
mail clients.

of course.  moderating the list would also mean that we couldn't have

this

discussion, which i feel is important, not for me though, Matthew, but

for

you.


I think the discussion is equally important for everyone here, if nothing
else but
for clarity, in my case (which I will try to improve in the future)


you're right, you know.  its not just about you.  its about the other people
here too.  you're absolutely right.

you need to let go of all these fears that `hackers are trying to get
into your system 24/7' and start to embrace concepts like "free

thought",

"rationality", and "understanding".


Just FYI, the "fears" are the tools of a certain software company in

Redmond

(cough Microsoft cough).  I don't have such a fear that *everybody* is
always after me, but I need to be ready for the one who gets in.


and do you really think that day is going to come?  cuz i dont.  though if
*they* do, i doubt they'd be using something you're already protected

against.

catch my drift?  you're screwed either way.  this whole security business

is

just a waste of time.  all you're doing is protecting yourself against

script

kiddies, who without whitehats, wouldn't know how to exploit

vulnerabilities

in the first place.  IF YOU STOP TELLING PEOPLE WHERE YOUR SYSTEM IS WEAK
THEY WILL STOP TRYING TO ATTACK YOU WHERE YOU ARE MOST WEAK.  its quite
simple, really.


I wouldn't be protected against it if the details weren't made public and
fixes made
available to me.  Just FYI blaming the industry for the proliferation of
security info
is not a very good way to look at this.  Vendors should have written secure
code
in the first place, so such vulnerability information would never have to be
distributed.

yeah no i disagree.  i think over the past few days, if anything, real
intelligence has hit the list and you're not entirely sure as to how you
want to deal with it.


So, the "real intelligence" is from those advocating moderation?  If I'm
getting
what you're

...saying?

short answer: yes.
long answer: hell yes.


Let me provide you with a rather incredible piece of information on this
subject --
the list will *never* be moderated.  Plain and simple.

that's natural, Matthew, you're being intimidated,
your standing in the whitehat community seems to you as though it is

being

threatened.  thats OKAY.  you just have to get past all that fear and

start

to loosen up a bit.


You're wrong there.  Frankly, I will not leave the list no matter what

they

do
to me.  Nothing of mine is threatened, but the progress of the list *is*
threatened
if we give in to such pitiful and weak tactics as junk e-mail.

glad to see we have another supporter then.


I'm not planning on leaving any time soon...

    We must direct our anger towards these losers at these losers.

this sentence didn't make sense to me.  could you please clarify?


Ah, the principle of focus.  Incredible, isn't it?


after reading this sentence four times over i see where you goofed up.
the sentence should read: "we must direct our anger towards these
losers,... at these loosers..."

amazing what a little punctuation can do isn't it :)

:-)

could you please give an example to back up your views?  because you must
realise, Matthew, that we all come from different cultures.  what is a
spoiled child to you may be something completely different to the next
person.  also, by giving an example, and making your argument clearer, i
think you'll find that people will not only understand you more, but also
understand you enough that they can retort in a much more informed

manner.

which helps the discussion overall.


Okay, I guess I should have put "spoiled children according to my

culture"?


no, i understand that you and i are from different subcultures.  that was

why

i asked for an example.  so that i can better understand this difference,

not

that it simply existed.


These "phrack" idiots are spoiled children -- whine about everything, and
act like
they have some level of importance in the world by way of a pitiful attempt
to
destroy another sign of progress in information security.

I
was implying several specific characteristics, but my main argument was

that

one who calls themself a hacker and then resorts to (trivially blocked)

junk

e-mail is both of low maturity and ability as well as simply wanting to

feel

like
they have done something.


this is much clearer thankyou.  but are you sure it was a spoiled child who
sent you spam, and not just normal advertising?  i mean, there must be

dozens

of spam bots trolling through this list for email addresses.  unless you

call

automated scripts "spoiled children" too.  see what i mean?  paranoia.


It wasn't *normal* advertising.  It was/is a deliberate attempt to bring
down the
list (I thought we had agreed on this, yes?).  And, no, I don't call the
bots spoiled
children.  I call the spammers controlling them spoiled children.

The concept of full-disclosure *is* having a medium for discussion for

all

that
are affected, and in a timely manner, correct?


yes i do agree.  i have found Full Disclosure to be more than adequate for
communicating my part of the discussions so far.  i stated this before.
where am i losing you?


You referred to the list (the list *named* "Full-Disclosure", btw) as a
middle
ground between those in support of Full-Disclosure and those who aren't.  I
don't think we would have named such at it is if it were a "middle ground",
correct?

Are you up for it?

up for what exactly?


I suppose this links with your statement on the battlefield analogy.

What I

am drawing at is a simple, but incredible thing known as *determination*.


ah but discussion isn't war.  i alluded to this in my previous email.  even
still, i cant help but be provoked by curiosity... why am i up for
determination?


You don't have to be fighting a war to be determined, as is true in this
case.
I am (don't know about you) determined not to let a bunch of bored, anti-
social losers force this list into moderation.

To those who suggest the answer is moderation of the list -- get a life.


oh i agree.  i'm much prefer to see this list turned into an anti-whitehat
discussion list.  seems like much more of an appropriate place than a newer
list for sure.  i mean, this list is much more known than a list that

hasn't

even been created yet.  and its audience is probably more likely to be less
fearful of involving itself, than say, if this list were renamed to

"WHITEHAT

HOLOCAUST".  dont you agree?


You won't have a whole ton of support on that one, I'm afraid... (definitely
not any from me) :-)

Current thread:

(no subject), (continued)
- - - (no subject) Matthew Murphy (Aug 16)
    - (no subject) Timothy J.Miller (Aug 16)
    - (no subject) Matthew Murphy (Aug 16)
    - =;-> full-disclosure () lists netsys com (Aug 16)
    - Yes? Peter van den Heuvel (Aug 17)
- (no subject) full-disclosure () lists netsys com (Aug 16)
- (no subject) full-disclosure () lists netsys com (Aug 16)
- (no subject) sockz loves you (Aug 16)
  - (no subject) Matthew Murphy (Aug 17)
- (no subject) sockz loves you (Aug 18)
  - (no subject) Matthew Murphy (Aug 18)
- (no subject) Schmehl, Paul L (Aug 18)
- (no subject) sockz loves you (Aug 18)
  - (no subject) M L Lynch [ SotG ] (Aug 18)
- (no subject) M L Lynch [ SotG ] (Aug 18)
- (no subject) sockz loves you (Aug 19)
  - (no subject) Fred (Aug 19)
- (no subject) 5uddenly g0n3 in73l (Aug 19)
- (no subject) sockz loves you (Aug 19)
  - Shiver me timbers. full-disclosure () lists netsys com (Aug 19)
    - Shiver me timbers. Timothy J.Miller (Aug 19)

(Thread continues...)