Date: Wed, 18 Apr 2007 08:01:05 -0400
From: "Dr. Neal Krawetz, PhD" <neal.krawetz@....hush.com>
To: <full-disclosure@...ts.grok.org.uk>, <ge@...uxbox.org>
Subject: Re: UK ISP threatens security researcher

Let's keep in mind that publishing most security information
borders extortion.  There isn't any other industry where fat nerds
try to strongarm large corporations into admitting there are
weaknesses in their products, defaming them publicly, causing their
stock prices to fall, or otherwise damaging their public image and
thus causing financial damage, et cetera.

Gadi, I doubt your people would be thrilled if you tried to
petition Yahweh with complaints regarding His children being
vulnerable to pieces of metal fired at high velocity from guns, and
demanding that if things aren't fixed within what you consider a
satisfactory timeframe (which, in the end is just some arbitrary
number invented by people with no concept of industry and
economics) that you will arm every man, woman, child, and lizard of
bordering Arabic nations to Israel in order to teach that big guy
up in the sky a lesson about not making humans impervious to
gunfire!

Come on man!  You're smarter than this!  When socially inept people
who possess only rudimentary computer skills start bullying (call
it what you will, in the end if you argue against my points you
clearly are one of those people who can't make it in the real
world) corporations for fame and money, which have real-world
financial consequences to said corporate entities, you are in the
least committing extortion.  And while you might think these
efforts are noble, the reality of the situation is simple - this is
absolutely no different than a bunch of Russians with botnets,
forcing businesses to comply with their demands if that business
wishes to continue existing on the Internet.

When was the last time an auto manufacturer was humiliated publicly
because their car windows can easily be broken and contents of the
car stolen?  When have chain manufacturers been chastised by the
mass media for the existence of bolt cutters?  What about the
serious threat of hacksaws?

People, grow up.  If your life is spent behind a computer
discovering uninteresting oversights in software design, where you
clearly lack experience and ability, and proclaiming yourself the
#chatzone badass and drooling saying "I'm the best evah!!!" doesn't
make you important.  The sad state of this industry is that there
are enough ignorant people that find it impressive, and who don't
understand the ramifications of their publicity whoring and the
obvious parallels to other industries.

The long and short of it is:
  If you want to act like a criminal, be prepared to be treated
like a criminal, and don't cry about the choices you've made in
life.  You aren't a fucking martyr when your motivations and cause
are only self-promoting and otherwise selfish.

Always remember the embarrassment to hackers, humans, and Hebrews
everywhere that is Kevin Mitnick.

- Dr. Neal Krawetz, PhD
http://www.hackerfactor.com/blog/

On Tue, 17 Apr 2007 19:30:54 -0400 Gadi Evron <ge@...uxbox.org>
wrote:
>http://www.theregister.com/2007/04/17/hackers_service_terminated/
>
>"A 21-year-old college student in London had his internet service
>terminated and was threatened with legal action after publishing details
>of a critical vulnerability that can compromise the security of the ISP's
>subscribers."
>
>I happen to know the guy, and I am saddened by this.
>
>	Gadi.
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
