From: vxdude2003 at yahoo.com (VX Dude)
Subject: Scandal: IT Security firm hires the author of Sasser worm

Note, this isn't addressed to the admins or virus
helpdesk folks, but to the whitehats trying to sell
another product or service and try to pretend that
they did it out of the "good of the community".

=======================================================

Did everyone just sober up from defcon already?

Where would the security industry be if it weren't for
criminals?

Who would write the books for you (or the research
they're based on)?  Who would make nice pretty PowerPoint
slides for the next Blackhat Conference?  Where
would ISS be without TESO?  Where would iDefense be
without their "anonymous" tip program?

Everything you guys know can be traced to evil
criminals.  Your whole industry is based on
perception.  They hire a virus writer, because now
they can scare clients with him.  Just like how you
guys publish way too much information.... "to help out
the admins".

ha ha ha ha ha ha

The "admins" don't need offsets, and your PoCs don't
protect them.  Your "full-disclosure" is
"fear-disclosure".  You guys scare the shit out of
everyone in some twisted hope that vendors will make
patches available faster, and admins will patch
quicker.  It's fear that drives this industry, and fear
which makes your profits.

In the recent Oracle debacle, why did Application
Security Inc release information for 44 Oracle
vulnerabilities?  Was it to help with problems that
the patch caused? Nope.  It was to once again install
fear.   If they make you think there is a clear and
present danger, perhaps you'll buy their products.
And if there wasn't any present danger, they give
other hackers a head start to manufacture the danger.

You whitehats play the game, and you tell me you don't
know the rules?  Fear is Money.  That's why Application
Security Inc did it, that's why Securepoint bought Sven
Jaschan, that's why ISS X-Force creates 0day, that's why
iDefense buys "intelligence", and that's why you bought
Kevin Mitnick's latest book.

If you're going to play the game, then learn to play
it well.  Who knows, you may put up a challenge.  If
you're going to whine that someone else figured out a
better strategy, then you should either copy them or
leave the industry.

Stinny,
Internet Sniper

--- "Gregory A. Gilliss" <ggilliss@...publishing.com> wrote:

> Mr. Thomas,
> 
> Oh, do shut up! Three words: Robert Morris Junior!
> 
> -- Greg
> 
> On or about 2004.09.20 11:21:23 +0000, Feher Tamas (etomcat@...email.hu) said:
> 
> > Hello,
> > 
> > The German IT security company "Securepoint" has hired Sven
> > Jaschan, who wrote and spread the Sasser Internet worm,
> > which caused widespread and costly damages to legions of
> > Windows computers.
> > 
> > He will work as a developer for security software such as
> > firewalls.
> > 
> > This is a scandal! Whether or not you like the 250k USD
> > head-hunting bounty which Microsoft Corp. paid to have Mr.
> > Jaschan nailed, he is still a criminal.  Hiring him is a
> > taboo. It is totally unacceptable to picture him as a modern
> > age Robin Hood or freedom fighter. He is a criminal, similar
> > to an arsonist, who sets a house alight and the fire spreads
> > to an entire city.
> > 
> > I urge all to boycott Securepoint and I urge those who
> > suffered losses due to the Sasser worm to sue Securepoint
> > and seek damages. VXing must end and we must send a strong
> > message to teenagers that cracking is not hacking and will
> > not be tolerated.
> > 
> > Securepoint website:
> > http://www.securepoint.cc/
> > 
> > Info about Sven Jaschan's hiring:
> > http://www.f-secure.com/weblog#00000296
> > 
> > Sincerely: Tamas Feher from Hungary.
> > 
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> -- 
> Gregory A. Gilliss, CISSP    E-mail: greg@...liss.com
> Computer Security            WWW: http://www.gilliss.com/greg/
> PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

