lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: raymond at dyn.org (Raymond Morsman)
Subject: Re: anonymous doesn't want to be rm-d by Ph
	rack High Council

On Wed, 2002-08-14 at 14:06, sockz loves you wrote:

> whitehat, and as such i dont associate myself with that scum.  allow me to

Whitehats don't break laws. So explain "scum".

> side to exist, the other must also exist.  script kiddies rely upon whitehats,
> such as yourself, to provide them with information that can be used in a
> malicious attack against their lecturer's computer, and whitehats rely upon

No, they don't. That's against the idea of being white hat. If a
whitehat gives code, it will only be a proof of concept, not an exploit.

> this immaturity to demand higher paying contracts so that they can "better"
> protect the world from *evil* "hackers".  kinda like how in that movie with

The demand came before the offer, hackers were there long before people
thought of security officers for information systems in generic use.

> face it.  the only interest whitehats have in the security industry is money,
> prestige, and girlz.  not security.  if you had any sense at all you'd keep
> your mouth shut about any shit you turn up.  you'd keep silent and use it for

No, security through obscurity is BAD.

> its sad.  pretty damn fucking sad.

Yes, your overwhelming lack of knowledge you seem to need to compensate
by blabbing a lot is sad. First good remark (you were even wrong on Gina
Davis, must have been quite some time you've actually seen a woman).

> but these are just my thoughts.  i mean, if you want to continue in your path
> towards the destruction of society then thats your business.  but ask yourself,
> Nigel Hardy, is the information i publicise to the security industry really
> helping *security* itself?  or is it really going to be used by some script
> kiddy to create another code red?

People will find flaws. If whitehats or vendors don't get to them they
won't be fixed. Users won't be warned. Then, the more dangerous kind of
"hackers" will own your systems. There's a code of conduct in place to
stop abuse of 0dayz, the vendor will get a reasonable headstart.

Then it's up to the system administrators to keep up. In most cases they
are the weak spot (like with Code Red).

So, what is actually so bad that whitehats do?


Raymond.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20020814/a5ade229/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ