Date: Wed, 19 Mar 2008 15:52:08 +0000
From: "Petko D. Petkov" <pdp.gnucitizen@...glemail.com>
To: "Michael Krymson" <krymson@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [full disclosure] agile hacking?

Michael,

I have no clue how it will go. However, just because no one has done
it and there are too many IFs, it does not mean that we should not
approach this problem. If we manage to find a way to crowdsource all
the information in a timely manner, keep up-to-date with the latest
and be at the same time as agile as possible, heck, I don't think that
we've wasted our time. We could even come up with a better system for
managing information different from Wikis, forums, blogs, etc. But
that's part of the challenge and the fun. How can you justify being
called a hacker when we cannot resolve a problem like this one? As I
said, for all of us the gain is more than the loss.

100 people 2 short posts = 200 posts. I can post two things in a
single day. Can you? I think it is a good start. But this is a
community project and without a community it won't work.

On Wed, Mar 19, 2008 at 3:24 PM, Michael Krymson <krymson@...il.com> wrote:
> I'm not sure a "community book" is going to make a lot of sense, have any
> coherency, or be all that useful. If you want a view of the future, go to
> packetstorm, grab up 100 random text "how to's" and see how well they read
> when placed back to back as a book. It won't be pretty. It'll read worse (or
> better content-wise) than Ankit Fadia's The Unofficial Guide to Ethical
> Hacking, which was a joke even back in the day.
>
> Will the "book" have any point to it, technical oversight, or applicability
> to different environments? It might be great that someone in Pakistan can
> hack wireless router B, but can he only do it from his special build of
> FreeBSD? What about details on attacking gateway C version 1.34.2 that is
> already 2 years old? Is that fair game, even though it is so specific that
> it really just becomes one more bit in a reference manual? Will the material
> be outdated by the time it even gets posted? Are you teaching principles or
> specifics? I wonder if your "book" will be heavily weighted towards web
> attacks and hardware gateway attacks. That would be a shame, but might be
> defensible as the hot new topic in recent years...but you'd lose out on the
> chance to include networking voodoo and OS/code ninjitsu. I'm sure everyone
> can learn something beyond their slice of the pie, which would be a benefit
> if you can get a more even field of submissions.
>
> Agile hacking might be taken to mean you should teach people how to hack in
> general, not how to hack specifics. Teach a man to fish... Just a quibble on
> your choice of subject line. Can someone reading a hack how-to be able to
> apply it agilely to other situations?
>
> You might be better served encouraging participation in a wiki-styled site
> as opposed to some book. Allow for search, peer review, and anonymous/open
> submissions. You can then control the categories and maybe exert some
> editorial review to keep the spirit of the work centered without deviating
> into a load of crap with some gems hidden here and there. Is it browsable?
> Is it readable cover-to-cover? Or is it a categorial or search reference?
>
> Heck, you can even use forums, but make sure not everyone can create new
> threads. Only create threads for appropriate materials but allow open
> commenting on such posts.
>
> Of course, any attempt to exert editorial control will result in loud and
> unhappy kiddies who think you're a nazi and have no skill and suck just
> because what they wrote belongs in some hacker kiddie group e-zine that
> rambles for 87 pages. Such is the nature of our field, it ranges from high
> school kiddies to geek squad tech support jockeys to pen testing consultants
> to fortune 100 managers with some technical chops. Who do you want to
> include?
>
> Then again, maybe you just need to do it, naysayers be-damned, and see how
> it goes. But I'd be concerned that you're wasting your time. Though, it'll
> get you attention and as most marketers may say, any attention is good
> attention. Successful or not, it keeps you busy in the eyes of the
> journalists who give you the press. (Or maybe you can do a Month of PDP Book
> Submissions?) :)
> _______________________________________________
>  Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
>



-- 

Petko D. (pdp) Petkov | GNUCITIZEN | Hakiri | Spin Hunters

gnucitizen.org | hakiri.org | spinhunters.org
