[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20020816082917.19692.qmail@email.com>
From: sockz at email.com (sockz loves you)
Subject: Administrivia
Hi Scott.
It was refreshing to read your email. I agree with you on many points and
couldn't resist the urge to reply.
> For the most part, I agree with you. I've spent a lot of time reading over
> some rants/manifesto-type stuff at http://www.eurocompton.net/~fuk/phrack/
> and elsewhere. My attitude about this whole situation was basically "same old
> tired angst, new set of kids", until I started looking past the l33t speak
> and the profanity. ethics1.txt really started to change my mind a bit.
>
> That said, there was one point below that I was hoping you'd elaborate on.
>
> So what you are advocating is no more public discussion of security issues,
> because such discussion is invariably co-opted by large companies as
> basically free research, and they then go on to make money off of the sweat
> of various hackers. Is this more or less correct?
to a degree. yes, that is part of it. but its only a minor part. first of
all, the people it makes money OFF are not hackers, they're whitehats with the
delusion that they are hackers. the people it TAKES capital gain from, though
ARE hackers. but like i said, this is just a minor point. the big part of
the argument is that through public discussion of security issues you have
morons leeching off the ideas of those with intelligence. people cease to
work for themselves. taht and its just plain stupid to begin with. hackers
aren't after security. they're after security that can be compromised.
> I agree with your sentiments, however: by not publicly discussing security
> information, we ensure that only the underground (which you must admit has
> more than its share of people eager to misuse such info) has this knowledge.
> If the underground could be trusted not to hurt others with the knowledge, I
> would not have a problem keeping it there. My issue is, when exploits and
> holes stay private, it means that a small group of individuals is able to do
> some very nasty stuff to people that have no means of protecting themselves.
> Being on the receiving end of that kind of attack is frustrating and can be
> rather scary at times.
yes. but that's life, Scott. and in many ways, if you think about it, we're
all better off in a scenario like that.
a) it restores the "knowledge = power" relationship -- forcing all the stupid
people to stay stupid and not rise to fame on the shoulders of others.
b) when an exploit is known to only a small covert group, it cannot be used
by many other people. hence, fewer people are affected by that exploit.
c) the fewer internet security companies you have, the better. why? because
they are _companies_ and the fundamental focus of any company is profit.
while their core function may be security, it is the exploitation and
careful manipulation of that core function that is used for profit. HENCE
you have more capitalists trying to exploit the security fears and
inhibitions of people like e-business executives where it is UNECESSARY.
the entire security industry is HOLDING BACK e-business because it generates
fear and paranoia in order to generate profit.
so the part where one individual may suffer isn't of any great concern. you
remove the security industry and you remove this 'desire for profit' that has
managed to latch itself onto the minds of programmers. its not about profit.
its about information. its about intelligence. to put a price on intelligence
is to devalue humanity.
> I used to think the solution was full disclosure of all information - after
> all, hackers used to have the motto "Information wants to be free", and this
> was the motivation in days gone by. What I'm sensing now is that attitude has
> been replaced by cynicism as hackers, working for the good of the community,
> have had their work stolen by greedy corps.
YES!!!! YES THAT IS EXACTLY RIGHT! And it has changed the psyche/mindset of
those who used to call themselves 'hackers'. they have changed into profiteers
who's only concern is public glory, money, and having their ego stroked. greed
like that isn't human and it isn't smart. anyone who argues that its the
challenge of uncovering an exploit that leads them to post information on some-
thing like bugtraq, is lying. its not the challenge that motivates them. its
the public recognition that they're after... the recognition that they have
*some* kind of intelligence capable of meeting that challenge.
> So maybe the solution now is more along the lines of what Raschid said -
> hackers banding together, closing ranks, keeping the info and techniques and
> knowledge available, but available to the underground, and most importantly,
> making sure ethics (along the lines of what Raschid said) are passed on.
>
> The idea that with great power comes great responsibility is one that I think
> is missed sometimes, especially in newer hackers who are merely in a rush for
> power or glory.
this is perfectly true. and real power is not overt in its nature. real power
is covert. it is hidden and unseen. if knowledge = power then it stands to
reason that those who give out their information give away their power. what
you end up with is an immature society thats conditioned to dealing with power
by giving it away because they have no idea how to handle it responsibly.
furthermore you have power being given to those who wouldn't normally have
knowledge of the vulnerability. and with that you have those morons out there
who are not able to handle the information in a responsible manner. THINK
ABOUT IT. if you were smart enough to discover a way to compromise a system
in the first place, your first reaction isn't going to be as stupid as to tell
every script kiddy you see. nor are you going to go and exploit it without
caution. no. you're going to store your knowledge and use it in a manner that
renders covert results. ie results that dont provoke victims to draw attention
to you.
> Is there no room anymore for the original definition of the word? (referring
> to ESR's jargon file entry) It looks like the definition being embraced is
> the criminal one (i.e. hacker being akin to a cracker, somebody who breaks
> into other machines, rather than a hacker being someone who creates things).
[next bit is actually from the end but i put it here cuz its relevant]
> The name 'hacker', until recently, did not mean somebody who breaks into
> systems. Some would argue that the meaning you ascribe to it is what has
> sullied its reputation; that the true meaning of hacker is more along the
> lines of the jargon file entry.
>
> http://www.tuxedo.org/~esr/jargon/html/entry/hacker.html
true. i dont refer to "crackers" as such. i did at one stage but really, its
just a whitehat term that allows whitehats to call themselves hackers, and real
hackers end up not being hackers at all. eric may be right in the origins of
the word, but society changes. the word "gay" is a good example of that. or
"faggot". i mean if you look up the word "faggot" in the dictionary it gives
you something completely different to the meaning we have for it today.
fag·ot also fag·got Pronunciation Key (fgt)
n.
A bundle of twigs, sticks, or branches bound together.
A bundle of pieces of iron or steel to be welded or hammered into bars.
tr.v. fag·ot·ed, also fag·got·ed fag·ot·ing, fag·got·ing fag·ots, fag·gots
To bind into a fagot; bundle.
To decorate with fagoting.
(source: http://www.dictionary.com/search?q=faggot)
eric also suggests that a person isn't labelled a hacker unless someone
else labels them a hacker. and i think thats kinda stupid. a person whos
hacking activites are THAT known to a community (of any sort) isn't a
hacker. they're an "imbecile". people exist outside of labels, Scott.
you could say someone is an accountant who occasionally dabbles in the art
of magic. whether you see them as a mage or an accountant is beside the
point. the point being that books are still balancing and you are still
find them strangely charming. you could call them a janitor and still see
the same effect.
> The law has a tendency to condemn blackhats, to date. :) (Those that are
> caught, anyway.)
yep. but only stupid and irresponsible blackhats get caught.. those who dont
know how to handle their power... those who are looking for scene status or
seek some other un-intellectual goal. and if you look at a lot of the policy
drawn up in the past few years to deal with blackhat hackers, you have to
realise that it has come as a result of the security industry's grip of
paranoia over luddites. and i can tell you that most of the policy makers (be
they politicians or beaurcrats) aren't all that computer savvy. when looking
for information they go to a security company and that company tells them to be
scared. so even though they may learn as they go along, what they learn is
based on this notion of "the internet is scary, its not secure, and hackers are
everywhere just waiting to pounce!".
a smart hacker will work in collusion with the government, just like your media
moguls work with politicians. or like law enforcement agencies work with your
ISP. like i said, real power is covert. and if you have that kind of power
its very hard for someone to take it away from you. because they dont know you
have it.
Hope this made my previous posts a bit clearer.
--
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup
Powered by blists - more mailing lists