RE: Please post to the list

["Schmehl, Paul L" <pauls () utdallas edu>]

All of that is axiomatic, however, the so-called blackhats have been
posting here, ranting about the security industry and how it it's greedy
and leeches off of other people's work.  They want the industry to go
away, or so they say.  Yet the very reason the industry exists is
because *they* do.  If no one wrote viruses and no one broke in to
networks, I would have plenty of other things to keep me busy.  The only
reason I do what I do is because I have to or our network would be
useless.

If the so-called blackhats were *sincere* about the security industry
going away, *they* would go away.  Then there would be no need for a
security industry.  So, by their *actions*, they belie their own
professed goals, and any rational person can easily come to the
conclusion that what they really want is unfettered access to other
people's equipment.

As far as the assinine argument that some people don't "play by
society's rules" and don't have the same "sense of right and wrong",
that can be easily dispensed with.  Just give me your IP, let me break
in to your box and take it over, and then tell me you won't 1) be
pissed, 2) take action to get me out and 3) at least consider a
response.  It's amazing how fast your sense of right and wrong will
change when it's your box being hacked.

Paul Schmehl (pauls () utdallas edu)
TCS Department Coordinator
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/


> -----Original Message-----
> From: b0iler _ [mailto:b0iler () hotmail com] 
> Sent: Friday, November 22, 2002 3:41 PM
> To: Schmehl, Paul L
> Cc: full-disclosure () lists netsys com
> Subject: RE: Please post to the list
>
> I'll take the bait.  This is a pretty nonsense question.  Of 
> course if it 
> was up to a blackhat they would allow you to have an insecure 
> network.  But 
> lets think for a second about a few common goals of some 
> blackhat actions.
>
> way #1 for blackhats to secure your network:
> Take down the network.  No network = secure network.  Many 
> blackhat's goal 
> is to DoS the network so it cannot be used.
>
> way #2 for blackhats to secure your network:
> Comprise it and then improve security.  Once a blackhat has 
> control of a 
> system then they tend to want to keep it away from other 
> blackhats, so they 
> will secure the system moreso than it was before.  (who says 
> blackhats have 
> to cause damage?  there are good blackhats with the ethic of doing no 
> damage.  some even break in just for fun!)
>
> way #3 for blackhats to secure your network:
> Tell you about it.  Not all blackhats want to break into 
> every box.  Some 
> only have a few targets and do not care about any other 
> systems.  Some are 
> nice people, who don't always play by societies views of what 
> is right and 
> wrong.  - depends on how you define blackhat/whitehat.
>
> Some say whitehat = anyone who helps security at all and 
> blackhat = anyone 
> who hurts security at all.  (aka (in idiots terms) greyhat).
>
> Others say whitehat = anyone who helps security without ever 
> hurting it and 
> blackhat = anyone who hurts security without ever helping it.
>
> way #4 for blackhats to secure your network:
> Comprise it and get detected.  This will cause your boss or 
> yourself to 
> force security to be improved.  May even point out something 
> which you did 
> not know was a problem before.
>
> Blackhats are not one group of cookie cutter people.  Their 
> goals, ethics, 
> and techniques vary.  Not all of them want to cause harm.  
> Not all of them 
> want your box to be insecure. Same with whitehats, not all 
> wish to make 
> money.  not all are script kidies.
>
> _________________________________________________________________
> STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
> http://join.msn.com/?page=features/junkmail
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html