lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.SGI.4.44.0208160147270.52691-100000@hexeris>
From: aliver at xexil.com (aliver@...il.com)
Subject: 1. Think 2. Post (write it down)

On Thu, 15 Aug 2002, Anodyne Perspective wrote:
> Sure, more than an idle threat to you, but only because you waited too
> long to mitigate or prevent the usability or an exploit on your systems,

That implies the vulnerability used against him can be mitigated. You make
a big assumption here.

> or you didn't prevent remote/networked access prior to now.

Well, in this case, you need to disconnect any and all machines you are
responsible for from the Net right now. Kay? Make sure and prevent
networked access to them. Another assumption you make is that he didn't
_need_ his system to be networked or remotely accessible. You have no real
idea why his machine was networked.

>  What's new about this?  What's especially scary?  Nothing.

You don't really have any idea. It could be the next apache or ssh exploit
or it could be a Sendmail bug from 1993. However, when you go making
assumptions, you do blackhats a bit favor. By the way, in case Ron is
reading this "GO BLACKHATS!!"

> These kids are full of piss and wind.

Hmm. It would seem the are also full of exploits, too. "Piss and wind"
implies all talk no action. Obviously they have a little more going than
that or our home-boy here wouldn't have an 0wned machine, now would he?
Another one of your assumptions gone horribly wrong, and easily
preventable with about two seconds of rational thought.

> Increasing age prevents an inexhaustible supply of them.

Nah, I'm pretty old. I'd consider myself a blackhat. Although I don't go
around 0wning people or commiting felonies. I guess I'll just never grow
up and "learn" the merits of being a whitehat. I work for the man, and I
pay the bills by writing code. However, the difference between me and most
of the hypocrites on this list is that I don't try to rationalize what I'm
doing with some false sense of "ethics". I work for the money, doing
insignificant crappy code for a big fat corporation. If they go out of
business, I'm probably screwed. However, the PHC dudes aren't going to
facilitate that. Neither are any other group of hackers.

> Humor them.

Hell yeah! That's the spirit! Just think what they could do with full
access to an HF research lab. Yeah, yeah, Let's go over to Stewart's house
and burn something!

> It's funny to watch them rant about the coming apocalypse of blackhat
> justice.

You like that too? Maybe you are not as vile as I thought.

aliver

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ