lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 3 Oct 2011 09:44:49 +0200
From: Ferenc Kovacs <tyra3l@...il.com>
To: GloW - XD <doomxd@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Is this for real.. http://n3td3v.org.uk/

> i assume, there is way more credit-fraud and rape etc going on, than
> wares...or, police having to waste time, on wares... i think police
> themseves detedst those things, and hence why the clouds still linger over
> some websites wich should be 'down' yet, are not.

it's not working like that, you can't expect that the cops/feds won't
chase piracy while there are more serious crimes unresolved.
sadly.

> That, is simply isp not complying with a takedown order wich is, completely
> up to them. Why would they want to loose good customers/people who bring
> them even traffic and revenue thru websites.

it simply: not worth taking the risk.
if you won't comply, you are risking that your whole business can go
down the toilet, and if and when you can prove that you are right, you
lost your business already.
and usually those customers is the minority of your client base, and
they are a risk for your own infrastructure also(they can hack/abuse
your own servers).

> I dont promote ads on my one, but i have always maintained a very steady and
> friendly,helpful with security, to my hosters wich they really appreciated.
> So, sometimes being in IT pays off... I guess... but what a struggle to get
> anywhere, even for the harder stuff, and people like n3td34v completely dont
> see that,

yep, we only see what you show on this list, and so far, you didn't
really worked on your whitehat image.

> the whole issue of freedom of speech and, security especially,ie:
> when i submit a PoC, anything nowdays, could happen..

yeah, the net seems to be more similar than the real life, it's much
harder to be truly anonymous nowadays.

> these are the clouds i really wish to lift, in order though, I first must
> set some people on this list into the same state of mind, wich is prooving
> to be alittle harder than i expected.

I think the problem is more about how you deliver the message, not the
message itself.

> n3td3v thinks i am personally attacking his whole persona, wich, i should,
> and could, maybe pentest him and then, see if that is illegal.Ifso then, i
> would assume my tool of choice3, nmap, would also be in danger ?

you brought this (cat)fight to the mailing list, so of course he
thinks that you personally attacking him.

> hehe... see how this can get offtopic, but really it is the same topic of
> security/vpn and now, i am bringing it to an isp and Noc level... and
> hopefully, some others will see the things said, and indeed, they know there
> is a lot more hard crime that could be done by police, wich would benmefit
> ALL communitys, and people IRL, asin kids, in some cases.

see above, you can't expect that lesser crimes are ignored because
there are other more serious crimes out there.

> I also detest the use of the law, for low level crappy crimes when they
> could be rm -rf'ing REAL dangerous people who actually, are trying to harm
> others, or simply, out for extortion and no other reason.

see above.

> I can say now safely, i am from .au and, i feel happy we have the laws here
> for serious crimes, i detested the dd0s kiddy david cecil's 'defacing' and,
> trying to cryout for work... what a b*m... I simply lookin the paper, and
> ring.
> Anyhows, he is in a cell, and for good reason, and, ofc, things with him got
> more serious because he was defrauding people of money.
> This is when, things go down, when you durectly steal funds, ie, if i were
> to steal shares in M$ using a PC, id be considered a cyber-terrorist,and,
> the crime would also be classed as a cyber-attack of terror or some such
> name...because, it not only terrorises, but it also steals data and,not
> 'steals' but uses it. wich is not very nice to loose a credit rating, or
> have feds on your door, coz you trusted a website that got 'owned' and, your
> card used for like 90k ,used to signup to a million places, and whatever
> else.. now, this would have a huge bearing on the crime, because the impact
> is huge on the victim.
> I simply think, police online, are doing the right thing, and arresting
> those involved ij child porn,and other detstable activty,rather than
> worrying about the small guys, who are simply using the net, as a
> playground.

http://en.wikipedia.org/wiki/Broken_windows_theory
if you allow the small fishes to play, they will grow big.
maybe not everyone, but imo many blackhat started with irc wars,
taking over channels, defacing small sites, etc.
if you see that you can break the rules and get away with it, you will
push for more.
at least for those who really enjoy doing this kind of stuff.

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ