Re: Security Industry Under Scrutiny #4

[Day Jay <d4yj4y () yahoo com>]

First, I would like to state that I am NOT a hacker. I
do not hack, and do not claim to be a coder, a good
coder or a specialist in anything having to do with
computers. But I do know one thing...

The thing is that everyone wants fame. You sockz want
fame. You seek fame as being a great blackhat rep.
Everyone wants to be recognized for something. I think
this is the real issue at hand. Gobbles seeks media
attention and fame and yet publishes exploits and
speaks at defcon saying wolves are among us. While he
claims to be nonprofit, he still is getting
"attention" and "fame" for what he has done. This
makes him a fame whore. He wants to be known through
using his skills of finding and or writing exploit
code. The only difference between him and the
whitehats you accuse of being greedy, is that
whitehats get fame AND money. 

So, by paying for a house or a job for spending one's
time developing/finding exploits would be "bad"? Would
it be better to be a homeless exploit coder?

Be real, there's no way the whitehat security industry
is ever going to be stopped. No one can put a lid over
something they have no control over. It's out of your
reach. You can't stop free speech.

As long as there are people and things to purchase,
people will always be ripped off. As long as there are
computers, they will always be vuln to something. GET
IT THROUGH YOUR HEAD--YOU CAN'T STOP IT.

What you are suggesting is a kind of communism which
is very unrealistic. A script kiddie is born every
second. One day, that script kiddie could become ten
times better than you-what are you gonna do then?

FINE. Hate whitehats, that's fine. There's some
whitehats I don't like-but even if you got rid of all
the whitehats, more would fill their shoes bud. THINK.

As long as there is free speech, then a state
described in 1984 is less likely to occur.

I think any blackhat with any sense wouldn't come out
of the woodwork to claim who he is. Just advice to
you.

d4yj4y

greetz to phc & eeye



--- sockz loves you <sockz () email com> wrote:
> > They're already skilled at developing their own
> tools for "killing", and
> > they already "kill" for various reasons, whether
> it be personal gain,
> > organisational gain (ie a hacking group), or
> conceivably for the gain of
> > a foreign, enemy power.  To continue your
> comparison between wannabe
> > hackers and amateur killers, the blackhats,
> therefore, are the
> > professional hitmen.  The real contract killers. 
> The Jackal, perhaps.
>
> oh please, and you think that telling everyone about
> some new xml exploit
> is going to stop people like that?  face it, buster,
> there is no way to stop
> professional hackers.  but the crucial differences
> are:
>
> a) they generally spend less time looking for
> exploits and are fewer in
>    numbers than whitehats.  thus, pose less of a
> threat to security than
>    the amount of information put out by the security
> industry to the
>    general public.
>
> b) these people dont share their exploit
> information.  reducing the likelihood
>    of an attack to some random system.  essentially
> it is safer.
>
> c) if the security were so great at doing its job
> then why do these people
>    still exist in society?  as it stands, current
> practices seem as though
>    the result would be more professional hackers
> because more people are being
>    informed about how to hack shit.  sure there is a
> big leap between reading
>    something liek nomads faq and being paid to hack
> shit for some terrorist
>    organisation, but given that the audience is so
> large, that percentage
>    chance is still a higher number.
********************************************************************************
> but, the issue here is not that professional's
> liability but rather corporate
> responisbility in the kind of information it
> releases.
********************************************************************************
> > Which do you think an open, democratic society
> would see as the greater
> > threat?
>
> the threat that wants to see the general public
> turned into criminals, thus
> degrading society and making crime more common. 
> crime is bad for society,
> remember?
>  
> > The threat of a vast number of people capable of
> "falling off the
> > cliff" and killing other random citizens that
> don't have protection
> > details etc.
>
> heh i like it how you extended this analogy to have
> the hacker falling on ppl
> to kill them.  its cute, i love it :D
>  
> > Or the threat of a select few that understand
> defensive tactics, walking
> > formations, successive layers of security, what
> security surveys are
> > likely to find, and are capable of assassinating
> the head of state?
>
> there is a difference between self defence and
> offense.  i have nothing against
> self defence, i think its a basic human reaction. 
> but to maliciously attack
> another human (or their computer) is illegal.  and
> we have to stop treating
> hacking as though its acceptable in society.  that
> its okay for people to
> read through advisories and then use that
> information to compromise a system.
> its not right.  and non-disclosure is one of the
> more effective ways to stop it.
>  
> > You'll find your answer to this question in the
> degree to which
> > organisations such as the FBI take threats against
> the President so
> > seriously.  They know they can protect against
> most random nutballs with
> > an ounce of information and proper preparedness. 
> They don't know they can
> > protect against an individuals with skill,
> determination and the proper
> > equipment.
>
> sorry but you're wrong.  i dont find my answer here.
>  all i see is that in your
> analogy the FBI can be called the "security
> industry" but where the FBI releases
> information to the public (maybe through a newspaper
> or tv) on how to
> assassinate presidents.
>  
> > I <3 U 2
>
> !!!
> 2 b4d w3 c4n n3v3r b 2g3th3r bcuzz u r a wh1t3h4t &
> 3y3 h8 u :(
> -- 
> _______________________________________________
> Sign-up for your own FREE Personalized E-mail at
> Mail.com
> http://www.mail.com/?sr=signup
>
> Meet Singles
> http://corp.mail.com/lavalife
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
http://lists.netsys.com/full-disclosure-charter.html


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html