From: phc at hushmail.com (phc@...hmail.com)
Subject: [PHC] Sermon #2: Security Industry

-----BEGIN PGP SIGNED MESSAGE-----

There is a common misconception in the diseased "security community"
that sees Security Company as Savior and Evil Vendor as Satan. This
is absolutely ridiculous. Putting aside the fact that most Microsoft
security researchers have no interest in security -- merely using
their advisories as a platform for assault against a corporation
that their slashdot-bandwagon-induced brainwashing tells them is
the evil empire of the Internet -- the smear campaigns launched
by security companies against vendors (such as Microsoft) to
justify their work are like watching a televised debate between the
disincarnate souls of Hitler and Stalin titled "You, sir, are not
a nice person."

Microsoft's Mean Monopoly clearly has no business ethics. They
shove their products down everyone's throat. They try to annul
all competition. They stand accused of poor QA testing.

Now have a look at the security industry. They describe themselves
as refuges in a virtual battlefield -- a battlefield created and
sustained by themselves. They are directly responsible for the
uprising of the scriptkid population throughout the globe. They
are cause and effect. They are the root of illness and the cleverly
disguised snake oil panacea that claims to be a cure. They exist
on fear, uncertainty, and doubt. They are hypocrites. They contradict
themselves. Their knack for generating a false sense of security
is surpassed only by their knack for securing a false sense of
dependence. Their luminaries are unable to display critical thinking
abilities when their views are challenged -- they resort to ad hominem
attacks ("scriptkids," "lamers," ...) and circular logic. The most
ardent lovers of full disclosure are the ones capitalizing on it (this
is not an attack on capitalism, per se). They are in league with the
governments of the world, governments that are blind to see that a
*better* level of security can be achieved by eliminating the security
industry. The government turns to the security industry for assistance
in implementing and deploying its great new Orwellian devices and toys,
and the security industry happily obliges... a security industry that is
meant to be about security and privacy for the individual. The
government passes new legislation that seeks to deter the symptoms
(scriptkids), but does nothing for the cause (the security industry).

You pay Microsoft a shitload of cash for Visual C++ and, hey, you
get an IDE that most software engineers would give grudging respect
to, at least. You pay the security industry a shitload of cash and
what do you get? Absolutely nothing. Nada.

Who are the real pricks?

They will use us as an example. They will say Project Mayhem is only
the more reason to invest in their services. If they get desperate
enough, they will start to randomly raid and subdue us. Right now,
their voice is overpowering. They are feeding the masses with their
lies and deceit. They DO NOT CARE about security. The non-profit
academic community cares about security. They DO NOT CARE about
privacy for the individual. The EFF, EPIC, et al care about privacy
for the individual. They are the demons of avarice who will drive
rivets into the Internet, making it a prison that is controlled and
patrolled by wardens who will rob the Internet of its great virtue:
a place where the individual can express herself or have her voice
heard. They will be to the Eden of the Internet what the Sedition
Act was to the First Amendment. They will bolt this fucking thing down
under the pretense of eradicating hackers. The "security" they are
working towards as they amass large sums of money is the type of
security that will destroy the only thing in the history of the world
that had the potential to unite humanity through communication.

Look beyond all the jeering and l33tspeak of Project Mayhem. Help
us put an end to the security industry. Save the Internet.

If you see the evils of what they are doing, do your part. No matter
what your discipline of study, it's very likely that you can contribute
a textfile or something that speaks at the wavelength of your
particular discipline. Open the eyes of others.

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlgEARECABgFAj3b8+MRHHBoY0BodXNobWFpbC5jb20ACgkQ0rw64nEc6GLA8wCfczMR
ssdPEjrPcWZpoe8HNEd7yGIAn2w6QhtN6JGDwXu6xTJHE36Ns0XM
=A8QT
-----END PGP SIGNATURE-----



