Open Source and information security mailing list archives
 
From: hellnbak at nmrc.org (hellNbak)
Subject: Symantec Buys SecurityFocus, among others....

> Houses
> - ----------
> Fat Checks Are Good Biz
> They buy warm houses for March
> Is yours made of glass?

OK, so now the idiots who don't have the necessary social skills to get
paying jobs start tossing rocks at those who work for a living.  Yeah, fat
checks are a good biz you are damn right, and what is wrong with that?  If
you are good at something, go get a job doing that which you are good at.
How can you fault someone for that?  Weld Pond has contributed more to the
security industry in general than half the fucks on this list INCLUDING
ME!  It is no surprise that his skills are in demand, do you expect him to
flip burgers for a living?

I have had my shares of run-ins with the guys at Security Focus but do you
think I fault them for getting $75 million?  Shit no, I hope after the VCs
are done with them that Al and the crew each put a million or so in their
pocket.  I may not agree with everything SF has done or is going to do but
that is their choice and you can't fault them for making money.


> Or better, thousands per advisory when a consultant for a certain company shows up to audit networks.  What's @stake's billable rate these days?

The difference here is that the consultant you are talking about in this
case WROTE THE FUCKING ADVISORY.  Stop bitching and start contributing.
Why is everyone so against security consultants that have a clue?  What's the
matter, your script kiddie tools aren't as effective anymore?  Jealous that
you just can't seem to make a big discovery yourself?  (heh, I know I am)

What we should be bitching about are the moronic (usually big 5)
consulting companies that have no clue and rely on FUD and commercial
products to do their work for them.

> I'll not even touch this.  I could make fun of several hypocrites on this
> list, but like anybody in the industry that actually contributes, I have
> a regular job; one that doesn't involve stroking and petting my ego.


What does wanting to contribute a free vulnerability database have to do
with petting one's ego?  This is about keeping the information free and
helping EVERYONE in the industry.  Oh yeah, I forgot, this means that
people might actually start patching boxes making your s'kiddiot tools not
work.  This in-fighting and finger pointing is complete bullshit gweeds
style.  Why not work together for a common good?

> Now, it's time to cut the shit.

I agree.

> First and foremost, let me say this list is complete dogshit.  I'd
> like to go on the record with my opinion being that moderated mailing
> lists are a good thing.  It keeps all the fucking whining to a minimum.

Again, I agree, moderation prevents abuse.  But, moderation also makes
certain people whine that they are being censored.....blah..cry me a
river.

> Second, I've been amazed at what big fucking morons the "esteemed hackers"
> in the community are.  Especially Chris and Jay.
> Wow!  I thought you guys were really intelligent, and to some extent,
> The only thing I've seen from any of you at this point is hidden agenda.
> You guys are truly disgusting.  You guys set the bar for low.  Proof
> that nothing is ever what it seems.

Explain what you feel this hidden agenda is?  I consider both Jay and
Chris to not only be true hackers but to also be friends.  So other than a
bit of common sense what is the hidden agenda?

> And let's not even talk about Marty Roesch.  If there's another person
> that knows something about giving heart and soul to a project, and
> continually getting exploited, he's our man.  He runs a great project,

If anything, ALL of us should be writing and contributing more Nessus
signatures for stuff.

> Furthermore, I'm thankful to see that people like Chris and Jay have
> actually come out of the closet to show what fucking miserable,
> narcissistic, ugly people they really are.  It's high-time that we
> finally get an idea of the wheat and chaff in this industry, and
> separate them.  I still nearly fall off my chair with laughter when
> I visualize Chris sucking up to MS, and trying to push the
> "responsible disclosure" agenda while moderating an allegedly
> "full disclosure" list, and posting to others.  You're a man of
> many faces, Chris, all of them in twos.  I'll not even pick on Jay;
> I really feel pity on him.

Now this is a load of shit.  Responsible Full Disclosure means working
with a vendor to get something fixed and then releasing an advisory - NOT
blindsiding a vendor with one day's notice or no notice at all.  What is
wrong with Chris, a moderator of VulnWatch, getting involved in the whole
responsible full disclosure thing?  I would rather have him involved
because he has a clue than some moron like Russ Cooper or even worse the
MS people alone.

As for VulnWatch -- VulnWatch is full disclosure; a post has never been
rejected based on the status of a vendor.  Yeah, they encourage people to
work with vendors but they don't force it.  I KNOW THIS FOR A FACT!

It's time for the so-called community to put up or shut up.


-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak@...c.org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

