lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <000701c246c6$ac6eb2c0$e62d1c41@kc.rr.com>
From: mattmurphy at kc.rr.com (Matthew Murphy)
Subject: (no subject)

[blah snip blah]
>> No, I mean the "discussion" over the values of our attackers, such as has
>> ensued from my initial post.  Generally to me, discussion = has some
value.
>> Some of the "discussion" here does not fit that criterion.  Just take a
flip
>> through the archives to discover this for yourself.
>
>your idea of discussion seems rather insular.  i suggest broadening your
>horizons.

Broadening my horizons to pointless, stupid "discussion" (more like childish
name calling most of the time) serves no purpose for me or anybody else
here.

>> I frankly am not interested in learning about the values of our phrack
>> friends
>> and I could care less.  I get more useless junk from the e-mails about
the
>> junk mail than the junk mail itself (which Outlook Express so nicely
deletes
>> for me now).  The only thing it has to do with security is the target of
the
>> junk mail.

>whitehat using outlook express.  hehe, gotta love the irony in life.

Your point?  OE was free, and came installed on my machine (which was
important on my 28.8 kbps connection, which I have happily ditched now),
it's fast, and actually, OE 6 makes some nice security/privacy improvements
over previous versions, and I can access Hotmail from it, which is a plus.
Actually, if you keep your client patched (which us pretty easy with a
couple of apps named "wuauboot.exe" and "wuauclt.exe" from Microsoft that
*also* came conveniently installed as "Windows Update Automatic Update"),
and you have enough common sense not to go double clicking on every other
attachment you receive, OE is just as good as (and usually better than) many
mail clients.

>> >of course.  moderating the list would also mean that we couldn't have
this
>> >discussion, which i feel is important, not for me though, Matthew, but
for
>> >you.
>>
>> I think the discussion is equally important for everyone here, if nothing
>> else but
>> for clarity, in my case (which I will try to improve in the future)

you're right, you know.  its not just about you.  its about the other people
here too.  you're absolutely right.

>> >you need to let go of all these fears that `hackers are trying to get
>> >into your system 24/7' and start to embrace concepts like "free
thought",
>> >"rationality", and "understanding".
>>
>> Just FYI, the "fears" are the tools of a certain software company in
Redmond
>> (cough Microsoft cough).  I don't have such a fear that *everybody* is
>> always after me, but I need to be ready for the one who gets in.
>
>and do you really think that day is going to come?  cuz i dont.  though if
>*they* do, i doubt they'd be using something you're already protected
against.
>catch my drift?  you're screwed either way.  this whole security business
is
>just a waste of time.  all you're doing is protecting yourself against
script
>kiddies, who without whitehats, wouldn't know how to exploit
vulnerabilities
>in the first place.  IF YOU STOP TELLING PEOPLE WHERE YOUR SYSTEM IS WEAK
>THEY WILL STOP TRYING TO ATTACK YOU WHERE YOU ARE MOST WEAK.  its quite
>simple, really.

I wouldn't be protected against it if the details weren't made public and
fixes made
available to me.  Just FYI blaming the industry for the proliferation of
security info
is not a very good way to look at this.  Vendors should have written secure
code
in the first place, so such vulnerability information would never have to be
distributed.

>> >yeah no i disagree.  i think over the past few days, if anything, real
>> >intelligence has hit the list and you're not entirely sure as to how you
>> >want to deal with it.
>>
>> So, the "real intelligence" is from those advocating moderation?  If I'm
>> getting
>> what you're
>>
>>...saying?
>short answer: yes.
>long answer: hell yes.

Let me provide you with a rather incredible piece of information on this
subject --
the list will *never* be moderated.  Plain and simple.

>> >that's natural, Matthew, you're being intimidated,
>> >your standing in the whitehat community seems to you as though it is
being
>> >threatened.  thats OKAY.  you just have to get past all that fear and
start
>> >to loosen up a bit.
>>
>> You're wrong there.  Frankly, I will not leave the list no matter what
they
>> do
>> to me.  Nothing of mine is threatened, but the progress of the list *is*
>> threatened
>> if we give in to such pitiful and weak tactics as junk e-mail.

>glad to see we have another supporter then.

I'm not planning on leaving any time soon...

>> >>     We must direct our anger towards these losers at these losers.
>>
>> >this sentence didn't make sense to me.  could you please clarify?
>>
>> Ah, the principle of focus.  Incredible, isn't it?
>
>after reading this sentence four times over i see where you goofed up.
>the sentence should read: "we must direct our anger towards these
>losers,... at these loosers..."
>
>amazing what a little punctuation can do isn't it :)

:-)

>>>could you please give an example to back up your views?  because you must
>>>realise, Matthew, that we all come from different cultures.  what is a
>>>spoiled child to you may be something completely different to the next
>>>person.  also, by giving an example, and making your argument clearer, i
>>>think you'll find that people will not only understand you more, but also
>>>understand you enough that they can retort in a much more informed
manner.
>>>which helps the discussion overall.
>>
>> Okay, I guess I should have put "spoiled children according to my
culture"?
>
>no, i understand that you and i are from different subcultures.  that was
why
>i asked for an example.  so that i can better understand this difference,
not
>that it simply existed.

These "phrack" idiots are spoiled children -- whine about everything, and
act like
they have some level of importance in the world by way of a pitiful attempt
to
destroy another sign of progress in information security.

>> I
>> was implying several specific characteristics, but my main argument was
that
>> one who calls themself a hacker and then resorts to (trivially blocked)
junk
>> e-mail is both of low maturity and ability as well as simply wanting to
feel
>> like
>> they have done something.
>
>this is much clearer thankyou.  but are you sure it was a spoiled child who
>sent you spam, and not just normal advertising?  i mean, there must be
dozens
>of spam bots trolling through this list for email addresses.  unless you
call
>automated scripts "spoiled children" too.  see what i mean?  paranoia.

It wasn't *normal* advertising.  It was/is a deliberate attempt to bring
down the
list (I thought we had agreed on this, yes?).  And, no, I don't call the
bots spoiled
children.  I call the spammers controlling them spoiled children.

>> The concept of full-disclosure *is* having a medium for discussion for
all
>> that
>> are affected, and in a timely manner, correct?
>
>yes i do agree.  i have found Full Disclosure to be more than adequate for
>communicating my part of the discussions so far.  i stated this before.
>where am i losing you?

You referred to the list (the list *named* "Full-Disclosure", btw) as a
middle
ground between those in support of Full-Disclosure and those who aren't.  I
don't think we would have named such at it is if it were a "middle ground",
correct?

>> >> Are you up for it?
>>
>> >up for what exactly?
>>
>> I suppose this links with your statement on the battlefield analogy.
What I
>> am drawing at is a simple, but incredible thing known as *determination*.
>
>ah but discussion isn't war.  i alluded to this in my previous email.  even
>still, i cant help but be provoked by curiosity... why am i up for
>determination?

You don't have to be fighting a war to be determined, as is true in this
case.
I am (don't know about you) determined not to let a bunch of bored, anti-
social losers force this list into moderation.

>> To those who suggest the answer is moderation of the list -- get a life.
>
>oh i agree.  i'm much prefer to see this list turned into an anti-whitehat
>discussion list.  seems like much more of an appropriate place than a newer
>list for sure.  i mean, this list is much more known than a list that
hasn't
>even been created yet.  and its audience is probably more likely to be less
>fearful of involving itself, than say, if this list were renamed to
"WHITEHAT
>HOLOCAUST".  dont you agree?

You won't have a whole ton of support on that one, I'm afraid... (definitely
not any from me) :-)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ