Full Disclosure mailing list archives

Re: RE: Security Industry Under Scrutiny: Part Two


From: Silvio Cesare <silvio () big net au>
Date: Tue, 19 Nov 2002 09:18:56 +1100

On Mon, Nov 18, 2002 at 07:01:46PM +0000, democow the happy cow wrote:
From the desk of democow,

/* Basically what is actually done by Black-Hats and White-Hats
is the same thing: find holes and patch them (or is it not
among the first things after a server is owned that the
Known software holes of the server are patched?).
 
Hehe.. Nice ;-)

oh shit.. wait.. I gotta fix something, my "managers" been bugging
me all w33k!

The only difference lies in the individual attitude,
And even that may very well differ from instance to instance.
*/

I find this to be totally untrue, in some respects the methods that 
black\white hats go about to discover and find information about a certain 
subject is quite the same.
 
OK.  How is this for a challenge..

Definition: Script Kiddy

        A person who h4ckz into systems using the tools written by
        other people, without knowing how they work.

Definition: (I wish I was A) Script Kiddy

        A person who * systems using the tools written by
        other people, without knowing how they work.

[ * May be your MCSE, maybe your forensics d00d. ur nmapper pen tester.
    Place your bets! ]

^^ oh shit.. we just l0zt half of the whitehat community!

But the intentions are entirely different. And the repercussion of actions 
of the part of each is entirely different.
 
Yes, correct.  Take for example the whitehat who goes to school because
Information Technology (IT) is the "big thing" these days..  or the sec.
person who, erm, what's the word.. $$$ ?

/*
But it is my opinion, that individuality cannot be governed
By ethics finally.
*/

what is it that a person judges himself by if not his ethics, and the 
ethics of the people he\she chooses to be around? people hang around like 
minded people.. And in this community that is usually based on ethics

your choice of words here is quite odd, and reflects your misunderstanding of 
the situation at hand?

/*
No system can function responseably if there are no response-able
individuals.
*/

and what do you think the white hats are my friend
 
Erm.. yah.  I need not to go into why such things as RFC's have been
written up in response to "vendor inaction" and "irresponsible disclosure".

How many vendors will use legislation for "non-disclosure" because
it protected the "companies" $$$ and not the consumers?

/*

Worms or Script-Kiddies are just part of the background sounds
of the internet jungle, they serve their purpose. No need to
"fight" them, just protecting against them is sufficient.
Real threats come from bigger animals, come from bigger organizations.
No man should tell another man what to do, but I think we
would be all better off with an internet which is not too much
Regulated by law or tied up by big "systems".
*/

we are in no way telling people what they should, should not do we, we are 
not trying to control anything other than information flowing to people 
that should not access to it , as well as making sure that anyone who plans 

Thanks for YOUR decision on MY behalf ;-)

Maybe cases throughout history, what you are describing has occurred -
In fact, it's rather well documented for such people to make decisions
for the so called "welfare" of other people, without realizing that
such people are capable of their own welfare.

Australia has the classic example of the "stolen generation" in a
context of decision makers, making decisions for others on their behalf.

Do you remember the time when homosexuality was seen as disease?  My
doctor told me this is what I must do, so I can fulfil HIS (or her)
expectations of my own welfare.

to let said information flow into the general stream knows the 
repercussions an event like that would have.. Just because script kiddies 
are not that bright.. That does not stop them from their actions and the 
money spent not only to stop them.. But of the financial loss of regular 
consumers.. Due to credit card fraud.. Down time.. etc, the info-sec 

Erm..  Financial losses to consumers..  now, if only I can get this
f*qing box to run 24/7 without continually crashing.  If only this
was public information on whats making this run or not run, MAYBE I can
get some of my own work done for a change..  At least, I can do this
in opensource without fear of the DMCA rearing its uglyness.

BoB (if I may call you that) - if you believe that the only consumer
loss is the result of security advisories being pumped out and associated
h4ckZ related to such releases, then perhaps try actually working on
a system, instead of just reading Bugtraq all day..

In any case, you know how much revenue advisories churn out for
a company?  Rather ALOT actually.. how much do vuln researchers make?
not THAT much in comparison.

industry can not function with out their presence and they and the white 
hats and responsible for their arrival.. We want to remove them? why do you 
want to keep them here?

As well do not forget what socks said, that they are in part responsible 
for the harsh laws being implemented
 
Erm.. psych's call this "blame the victim syndrome".

"The clothes she was wearing; look at that mini-skirt.. she was literally
screaming and wanting to be..."

"These heavy handed negro laws wouldn't be in place if it weren't for the
negro's.. we are only trying to protect society as a whole - how
narrow minded these black people are to not think of everyone".

"If it werent for these bl4ckh4t's, we wouldnt HAVE to be require being
able to monitor your connection without respect for privacy, constitution,
legislation or social justice".

Did you ever see that episode of the larry sanders show -->

Jeopardy -->

        A: This group controls the worlds money.



        Q: Who are the Jews?

-

Damn.. I think I'm going to have to take some Jew's money, because
he must have stolen it from me in a previous generation, or exploited
the masses to get into the position he is now.

(Lets ignore things like the Australian native land right cases which
can counter the above literal example)


-Democow
"why do you need any other cow"

OK.. silly bug for now (s0me pe0pl3 c4nt c0unt) - erm. 1999 is fuqin
crazy (I don't even know if this code is r34l or not to be honest)!

This is RH 8.0 (which is really nice actually - I believe they will
easily give windows a run for their money on the desktop; though I'm sure
many will bitch and say RH 8.0 l00ks too much like win* - perhaps).

--- bsd-finger-0.17/finger/util.c       1999-09-29 08:53:58.000000000 +1000
+++ bsd-finger-0.17-silvio/finger/util.c        2002-11-08 14:29:26.000000000 +1100
@@ -373,7 +373,7 @@
        char *p;
        const char *q;
        int len;
-       static char pbuf[15];
+       static char pbuf[16];

        /* don't touch anything if the user has their own formatting */
        for (q = num; *q; ++q)
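
Review bot: The new size in `static char pbuf[16];` is still a bare magic number, and nothing in the visible context shows the writes through `p`, so a reader cannot confirm from this hunk that 16 bytes covers the longest formatted string plus its terminating NUL. Add a comment on the declaration stating what the worst-case output is and how the size is derived from it, and bound the copy into `pbuf` with `sizeof(pbuf)` so that a future change to the formatting cannot reintroduce the one-byte overrun. Since the buffer is `static`, an overrun lands on neighbouring static data rather than the stack, which makes the failure quieter and is one more reason to enforce the bound in code rather than rely on the count being right.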

--
Silvio
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

