Full Disclosure mailing list archives
Re: Security Industry Under Scrutiny #4
From: Day Jay <d4yj4y () yahoo com>
Date: Tue, 21 Jan 2003 11:13:23 -0800 (PST)
First, I would like to state that I am NOT a hacker. I do not hack, and do not claim to be a coder, a good coder or a specialist in anything having to do with computers. But I do know one thing... The thing is that everyone wants fame. You sockz want fame. You seek fame as being a great blackhat rep. Everyone wants to be recognized for something. I think this is the real issue at hand. Gobbles seeks media attention and fame and yet publishes exploits and speaks at defcon saying wolves are among us. While he claims to be nonprofit, he still is getting "attention" and "fame" for what he has done. This makes him a fame whore. He wants to be known through using his skills of finding and or writing exploit code. The only difference between him and the whitehats you accuse of being greedy, is that whitehats get fame AND money. So, by paying for a house or a job for spending one's time developing/finding exploits would be "bad"? Would it be better to be a homeless exploit coder? Be real, there's no way the whitehat security industry is ever going to be stopped. No one can put a lid over something they have no control over. It's out of your reach. You can't stop free speech. As long as there are people and things to purchase, people will always be ripped off. As long as there are computers, they will always be vuln to something. GET IT THROUGH YOUR HEAD--YOU CAN'T STOP IT. What you are suggesting is a kind of communism which is very unrealistic. A script kiddie is born every second. One day, that script kiddie could become ten times better than you-what are you gonna do then? FINE. Hate whitehats, that's fine. There's some whitehats I don't like-but even if you got rid of all the whitehats, more would fill their shoes bud. THINK. As long as there is free speech, then a state described in 1984 is less likely to occur. I think any blackhat with any sense wouldn't come out of the woodwork to claim who he is. Just advice to you. d4yj4y greetz to phc & eeye --- sockz loves you <sockz () email com> wrote:
They're already skilled at developing their owntools for "killing", andthey already "kill" for various reasons, whetherit be personal gain,organisational gain (ie a hacking group), orconceivably for the gain ofa foreign, enemy power. To continue yourcomparison between wannabehackers and amateur killers, the blackhats,therefore, are theprofessional hitmen. The real contract killers.The Jackal, perhaps. oh please, and you think that telling everyone about some new xml exploit is going to stop people like that? face it, buster, there is no way to stop professional hackers. but the crucial differences are: a) they generally spend less time looking for exploits and are fewer in numbers than whitehats. thus, pose less of a threat to security than the amount of information put out by the security industry to the general public. b) these people dont share their exploit information. reducing the likelihood of an attack to some random system. essentially it is safer. c) if the security were so great at doing its job then why do these people still exist in society? as it stands, current practices seem as though the result would be more professional hackers because more people are being informed about how to hack shit. sure there is a big leap between reading something liek nomads faq and being paid to hack shit for some terrorist organisation, but given that the audience is so large, that percentage chance is still a higher number.
********************************************************************************
but, the issue here is not that professional's liability but rather corporate responisbility in the kind of information it releases.
********************************************************************************
Which do you think an open, democratic societywould see as the greaterthreat?the threat that wants to see the general public turned into criminals, thus degrading society and making crime more common. crime is bad for society, remember?The threat of a vast number of people capable of"falling off thecliff" and killing other random citizens thatdon't have protectiondetails etc.heh i like it how you extended this analogy to have the hacker falling on ppl to kill them. its cute, i love it :DOr the threat of a select few that understanddefensive tactics, walkingformations, successive layers of security, whatsecurity surveys arelikely to find, and are capable of assassinatingthe head of state? there is a difference between self defence and offense. i have nothing against self defence, i think its a basic human reaction. but to maliciously attack another human (or their computer) is illegal. and we have to stop treating hacking as though its acceptable in society. that its okay for people to read through advisories and then use that information to compromise a system. its not right. and non-disclosure is one of the more effective ways to stop it.You'll find your answer to this question in thedegree to whichorganisations such as the FBI take threats againstthe President soseriously. They know they can protect againstmost random nutballs withan ounce of information and proper preparedness.They don't know they canprotect against an individuals with skill,determination and the properequipment.sorry but you're wrong. i dont find my answer here. all i see is that in your analogy the FBI can be called the "security industry" but where the FBI releases information to the public (maybe through a newspaper or tv) on how to assassinate presidents.I <3 U 2!!! 2 b4d w3 c4n n3v3r b 2g3th3r bcuzz u r a wh1t3h4t & 3y3 h8 u :( -- _______________________________________________ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup Meet Singles http://corp.mail.com/lavalife _______________________________________________ Full-Disclosure - We believe in it. Charter:
http://lists.netsys.com/full-disclosure-charter.html __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Security Industry Under Scrutiny #4 sockz loves you (Jan 21)
- Re: Security Industry Under Scrutiny #4 batz (Jan 21)
- Re: Security Industry Under Scrutiny #4 Silvio Cesare (Jan 21)
- Re: Security Industry Under Scrutiny #4 yossarian (Jan 21)
- <Possible follow-ups>
- Re: Security Industry Under Scrutiny #4 Anonymous (Jan 21)
- Re: Security Industry Under Scrutiny #4 sockz loves you (Jan 21)
- Re: Security Industry Under Scrutiny #4 Day Jay (Jan 21)
- Re: Security Industry Under Scrutiny #4 Silvio Cesare (Jan 21)
- Re: Security Industry Under Scrutiny #4 Day Jay (Jan 21)
- Re: Security Industry Under Scrutiny #4 Anonymous (Jan 21)
- Re: Security Industry Under Scrutiny #4 The Hawklord (Jan 21)
- Re: Security Industry Under Scrutiny #4 hellNbak (Jan 21)
- Re: Security Industry Under Scrutiny #4 Ron DuFresne (Jan 22)
- Re: Security Industry Under Scrutiny #4 hellNbak (Jan 21)
- Re: Security Industry Under Scrutiny #4 sockz loves you (Jan 21)
- Re: Security Industry Under Scrutiny #4 Anonymous (Jan 21)
- Security Industry Under Scrutiny #4 ratel (Jan 22)
- Re: Security Industry Under Scrutiny yossarian (Jan 22)
- Re: Security Industry Under Scrutiny #4 ratel (Jan 23)