Full Disclosure mailing list archives
Torvalds attacks IT industry 'security circus'
From: n3td3v <xploitable () gmail com>
Date: Sat, 19 Jul 2008 19:27:16 +0100
The maker of Linux was right, "In an e-mail to the Linux kernel developer mailing list, Torvalds said a section of the security industry was dedicated to finding bugs in software only to publicize their findings and gain notoriety."

http://news.cnet.com/Torvalds-attacks-IT-industry-security-circus/2100-1007_3-6243900.html

We've got to stop doing an HD Moore to make a name for ourselves and release vulnerabilities for the right reason, not to become a cyber security rock star!!!

The security industry is a circus, it's a joke what it's turned into, it's not about security anymore, it's a media circus, with over hype and over drive. Let's cut away with the elitism and become normal people again who aren't pumped up on steroids every day to become famous.

The media are to blame, the Robert Lemos's and the others, they write shit all the time just to make their companies ad click money, they don't really care what's written as long as it's security related they don't care. As little research as possible and the most amount of over steer to make the security industry sound more important and exciting than it is.

Security, it's a dull field to be in, once you know it all you really do know it all. It's a boring sport being a security professional. That's why when some new disclosure comes along, we make a big deal of it, to give us some excitement in your boring life.

This security industry is driven by the media to give it free advertising and to drive up profits... the care about security takes second shelf... the ad click and egoism comes first.

Go look at the web based archives of the less-busy mailing lists on Securityfocus, it's a rat run of security conference spam when the subject is supposed to be on security, that's what we've turned into, a shaft of advertising mecca.... In security we get to advertise for free, in security we don't need to buy banner ads. In security we can charge thousands of pounds a ticket to watch a nerd mumble in a voice which only reflects the person's social isolation from the world and the true life style of the geek, a sad lonely pisser, sitting in his own urine and coding up exploit code to give his sad existence more self worth.

Fresh air doesn't exist in nerd land, only the recycled air of our own farts and bad breath, at weekends we don't wash, and on Monday your co-workers notice part of your beard you forgot to shave, and you are wearing the same clothes you did last week and every week.

Do I sound bitter, it's because I probably am. We need a shake, a good long shake, take hold of yourselves and see what you've turned into, is this what we want to be, a hyped up media circus of wombats?

The security conference spam runs... let's outlaw that shit.

Month of browser bugs and Metasploit framework... let's trash that.

Dan Kaminsky... the man who changed internet security... Cnet staff, let's scrap headlines like that.

The Pwnie awards & not letting Dan Kaminsky be nominated for most over hyped bug, let's add him and every mother fucker in the industry as a nomination, we're all over hyped and I'm sick of it.

And for next year's Pwnie awards, let's add a category for most illegally spammed security conference and most over hyped security conference, because they all are.

Buy your banner ads and get yourself off the mailing lists now and forever in the future. Stop advertising your security conferences through security researchers and asking them to post the vulnerability a month before the damn conference, we're not stupid, we see through you.

Yes, you the leaders of the security conferences and the industry, the ones using security researchers to make a lot of cash and make you dirty rich so you can sit on a yacht for the rest of the year with chicks by your side drinking champagne. The leaders of the industry are exploiting the media and the security researchers, they're in it for the money to tool up revenue, they couldn't care less about us and cyber security... they just want to become filthy rich.

It's people like you who are screwing it up for the future generation, there won't be a security underground left in 10 years time, because the industry will have it grave yarded and scared the underground away from existence.

People are scared the law will change, the government can show you the industry money makers who's really in charge, we can make certain things illegal for security researchers to do, and tighten up on how much money you can make and exploit security researchers for.

In the sex trade there is human trafficking, in the security industry there is the exploitation & trafficking of security researchers. So what is the security industry making you researchers? A whore to the cause of making money and not really caring about you or actual security.

I've got one thing to say to security researchers... stop being exploited by these people and go independent, don't go to a security conference, stand out in a market square in the middle of a town, and invite anyone along who wants to come. Ticketless, free and open. It will kill the damn security conferences, the rich fucks who are exploiting you.

It's time to take control. If the security conference leaders have no security researchers or new techniques to come to their conferences then they will take note and know who's really in charge of things.

Boycott security conferences, if you want to speak in public, do it in a random town market square free of charge... invite everyone from the mailing lists to come, stand up on a statue and tell the world about your researched vulnerabilities, but don't feel you need to attend a damn security conference... because you're being exploited and taken advantage of by the big tom cats of the industry!!!

The security conference tom cats and the money making security industry will die overnight, and while that's a bad thing for the industry leaders, it brings back control to the security researcher and the underground as a whole.

We can still save ourselves from being a security circus and being exploited, if we boycott the security conferences... I'm talking to you keynote speakers like Dan Kaminsky. If you had announced you were going to give your talk at a random town square free of charge and invited everyone who wanted to be there to come on the mailing lists you would have gotten a lot more respect. To base your disclosure and speech around a money oriented security conference takes away credibility for your cause, and takes away power and control away from the ever corroding underground scene.

Kill off security conferences... the media circus... the security circus that the maker of Linux is talking about. Give a bug merit where it's due and no merit where it isn't... I stand shoulder to shoulder with Linus Torvalds in condemning the direction the security scene is going in and so should everyone.

All the best,

n3td3v
http://n3td3v.googlepages.com