Full Disclosure mailing list archives
RE: Please post to the list
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Fri, 22 Nov 2002 15:56:04 -0600
All of that is axiomatic, however, the so-called blackhats have been posting here, ranting about the security industry and how it it's greedy and leeches off of other people's work. They want the industry to go away, or so they say. Yet the very reason the industry exists is because *they* do. If no one wrote viruses and no one broke in to networks, I would have plenty of other things to keep me busy. The only reason I do what I do is because I have to or our network would be useless. If the so-called blackhats were *sincere* about the security industry going away, *they* would go away. Then there would be no need for a security industry. So, by their *actions*, they belie their own professed goals, and any rational person can easily come to the conclusion that what they really want is unfettered access to other people's equipment. As far as the assinine argument that some people don't "play by society's rules" and don't have the same "sense of right and wrong", that can be easily dispensed with. Just give me your IP, let me break in to your box and take it over, and then tell me you won't 1) be pissed, 2) take action to get me out and 3) at least consider a response. It's amazing how fast your sense of right and wrong will change when it's your box being hacked. Paul Schmehl (pauls () utdallas edu) TCS Department Coordinator The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/
-----Original Message----- From: b0iler _ [mailto:b0iler () hotmail com] Sent: Friday, November 22, 2002 3:41 PM To: Schmehl, Paul L Cc: full-disclosure () lists netsys com Subject: RE: Please post to the list I'll take the bait. This is a pretty nonsense question. Of course if it was up to a blackhat they would allow you to have an insecure network. But lets think for a second about a few common goals of some blackhat actions. way #1 for blackhats to secure your network: Take down the network. No network = secure network. Many blackhat's goal is to DoS the network so it cannot be used. way #2 for blackhats to secure your network: Comprise it and then improve security. Once a blackhat has control of a system then they tend to want to keep it away from other blackhats, so they will secure the system moreso than it was before. (who says blackhats have to cause damage? there are good blackhats with the ethic of doing no damage. some even break in just for fun!) way #3 for blackhats to secure your network: Tell you about it. Not all blackhats want to break into every box. Some only have a few targets and do not care about any other systems. Some are nice people, who don't always play by societies views of what is right and wrong. - depends on how you define blackhat/whitehat. Some say whitehat = anyone who helps security at all and blackhat = anyone who hurts security at all. (aka (in idiots terms) greyhat). Others say whitehat = anyone who helps security without ever hurting it and blackhat = anyone who hurts security without ever helping it. way #4 for blackhats to secure your network: Comprise it and get detected. This will cause your boss or yourself to force security to be improved. May even point out something which you did not know was a problem before. Blackhats are not one group of cookie cutter people. Their goals, ethics, and techniques vary. Not all of them want to cause harm. Not all of them want your box to be insecure. Same with whitehats, not all wish to make money. not all are script kidies. _________________________________________________________________ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Please post to the list Schmehl, Paul L (Nov 22)
- Re: Please post to the list Day Jay (Nov 22)
- <Possible follow-ups>
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- RE: Please post to the list Day Jay (Nov 22)
- Re: Please post to the list Alexander Bartolich (Nov 22)
- RE: Please post to the list b0iler _ (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- Re: Please post to the list ratel (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- RE: Please post to the list ratel (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 23)
- RE: Please post to the list ratel (Nov 23)
- Re: Please post to the list John Andersen (Nov 23)
- RE: Please post to the list Schmehl, Paul L (Nov 23)