From: ratel at mailvault.com (ratel)
Subject: Beyond black, white, and grey: the Yellow Hat

On 20-Nov-2002 10:50:49 -0500, Sam wrote:

> Secondly, for those of you with certifications and minimal hands on
>knowledge, I can speak with some authority here as I frequently train
>folks like you to do the jobs their certs say they are already qualified
>for and on which they were usually hired to do. Get over yourself!
>Ok, so you make more money than you are qualified to make, and know less
>than you claim to know, chill out, you got away with it. Enough said.
>Other than, it would now be nice if you would learn the skills you need to
>excel in your chosen field.


It would be nice if you didn't assume everyone here is a mere
knuckledragging data munching packet crunching monkey of a technician
such as yourself. 

Frankly, I doubt you'd know the first thing about what it means to excel
in my chosen field. But if it makes you feel better about yourself to
make all sorts of unwarranted assumptions and call me "kiddie" because I
happen to raise a few unpleasant questions you can't answer, go right
ahead.


>Also, in response to the most recent claim by "phrick", so you hacked
>into someone's mail server, which as I understand it is not owned nor
>managed by said person. Woohoo to you! 


If memory serves me correctly, a simple search through the archives
reveals he did dare them to do it. "hack my mailserver son" or some
such. Well, maybe this should serve as a lesson to us all to be a little
more careful what we ask for.


>I have no problem finding many useful suggests from Mr. Dufresne on a
>variety of security lists. So he isn't just talking the talk. 


Is it true Ron DuFresne has been a member of G-Force Pakistan? Because I
seem to remember reading excerpts in Lance Spitzner's "Know Your Enemy"
of captured IRC conversations featuring some American member who was
making all kinds of embarrassing technical blunders right under their
nose without suspecting a thing.   

If this is true, Mr. Dufresne has no place lecturing me about anything,
much less ethics or security. Or anyone else, for that matter.

Dippy little Deltas like that really ought to stick to their two-bit web
defacements under the watchful eyes of Project Honeynet instead of
gibbering at their betters. 


>I am not a security expert. With the constantly changing technology and
>the constant poorly written code out there, I am just another someone who
>tries to keep up with how to best secure myself, my systems and those who
>depend on me to keep them safe.


That's fine. All anyone can do, really. 
Okay, so maybe the monkey bit was a tad harsh. 
I'm sorry. 
Sort of.


>Shame on those of you who are making such fools of yourself and brava to
>those of you who don't get caught up in the "mine is better than yours"
>game!


To hell with all that. I thought distinguishing yellowhats (people
motivated by money while pretending to be something they're not) from
the real whitehats who honestly care more about security than lining
their pockets was a useful contribution. 

Once again, the real issue here nobody seems to want to talk about is
the hypocrisy inherent in putting working exploits in the hands of
script kiddies while cashing in on pretending to care about security.
Selling snake oil to the government in order to get rich. Ripping off
their clients with puffed-up lame products that they know in their heart
of hearts don't work. Undermining their products' safety with backdoors
while putting on the dog to investors about how holy they are-- while
simultaneously trying to be a b4DazZ iNz1deR with their more
straightforwardly scumbaggy associates. 

IT TURNS MY STOMACH. IT REALLY, REALLY DOES. 


~Ratel.


***



"Americans used to roar like lions for liberty. Now we bleat
like sheep for security." - Norman Vincent Peale.

 

