Date: Wed, 19 Mar 2008 10:24:12 -0500
From: "Michael Krymson" <krymson@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [full disclosure] agile hacking?

I'm not sure a "community book" is going to make a lot of sense, have any
coherency, or be all that useful. If you want a view of the future, go to
packetstorm, grab up 100 random text "how to's" and see how well they read
when placed back to back as a book. It won't be pretty. It'll read worse (or
better content-wise) than Ankit Fadia's The Unofficial Guide to Ethical
Hacking, which was a joke even back in the day.

Will the "book" have any point to it, technical oversight, or applicability
to different environments? It might be great that someone in Pakistan can
hack wireless router B, but can he only do it from his special build of
FreeBSD? What about details on attacking gateway C version 1.34.2 that is
already 2 years old? Is that fair game, even though it is so specific that
it really just becomes one more bit in a reference manual? Will the material
be outdated by the time it even gets posted? Are you teaching principles or
specifics? I wonder if your "book" will be heavily weighted towards web
attacks and hardware gateway attacks. That would be a shame, but might be
defensible as the hot new topic in recent years...but you'd lose out on the
chance to include networking voodoo and OS/code ninjitsu. I'm sure everyone
can learn something beyond their slice of the pie, which would be a benefit
if you can get a more even field of submissions.

Agile hacking might be taken to mean you should teach people how to hack in
general, not how to hack specifics. Teach a man to fish... Just a quibble on
your choice of subject line. Can someone reading a hack how-to be able to
apply it agilely to other situations?

You might be better served encouraging participation in a wiki-styled site
as opposed to some book. Allow for search, peer review, and anonymous/open
submissions. You can then control the categories and maybe exert some
editorial review to keep the spirit of the work centered without deviating
into a load of crap with some gems hidden here and there. Is it browsable?
Is it readable cover-to-cover? Or is it a categorical or search reference?

Heck, you can even use forums, but make sure not everyone can create new
threads. Only create threads for appropriate materials but allow open
commenting on such posts.

Of course, any attempt to exert editorial control will result in loud and
unhappy kiddies who think you're a nazi and have no skill and suck just
because what they wrote belongs in some hacker kiddie group e-zine that
rambles for 87 pages. Such is the nature of our field: it ranges from high
school kiddies to geek squad tech support jockeys to pen testing consultants
to Fortune 100 managers with some technical chops. Who do you want to
include?

Then again, maybe you just need to do it, naysayers be damned, and see how
it goes. But I'd be concerned that you're wasting your time. Though, it'll
get you attention and as most marketers may say, any attention is good
attention. Successful or not, it keeps you busy in the eyes of the
journalists who give you the press. (Or maybe you can do a Month of PDP Book
Submissions?) :)
