Open Source and information security mailing list archives
 
From: fuk at hushmail.com (fuk@...hmail.com)
Subject: These Guys Are So Grey Hats Re: Ten Things





>On Sat, 17 Aug 2002 fuk@...hmail.com wrote:

<snip>

>> 4. As far as "black hats" go... the question remains if they really are
>> black hats at all!  Their worst stuff is breaking into their buddies
>> systems and posting their mail spools online?
>
>Your definition is a bit out of whack. However, I don't think that I can
>really set you straight here, but at the very least this has been an
>interesting read.


Okay, so you don't break the law? What do you do? Play Black Hat. 

You're a kid. I would guess about 25 at most. You later claim you
don't even work in the industry. So, what could you possibly know
about it? If you are 25 and don't work in the industry -- what, man,
do you do? Flip burgers? You don't hack for your living, then how
do you make a living? 

Look, there are real black hats out there that actually live off
hacking. I realize you think you are a black hat... but, in reality
you all claim bottomline to be trying to make the Internet a more
secure place... hence, a grey hat.

By your own definition of grey hats... you are a white hat... as
your own papers state grey hats are white hats.

Regardless, you don't work in the industry, so maybe you are not
in a place to lecture.

>
>> Has it even occurred to them to hack a bank? Or, to hack a Bloomberg
>> terminal? To hack a senator? Because I am sorry, but if what they are
>> doing is not even criminal or dangerous... then they are not "black
>> hats".
>
>Wrong. Committing felonies does not make you a blackhat. It's a certain
>mindset. However, something tells me we are not going to agree here, and
>so I won't bother going forward with more detail.
>

No, in my book that makes you a grey hat, at best.

Granted, I am using the terms which your group love to use. I hate
the misleading terms of "black, grey, white hats". But, I use it
because I realize that you can't think out of stereotypes.



>> I understand the fun of vengeance.
>
>Hmm. Have you ever been near Ruby Ridge or worked for the ATF by chance?


Right, you don't understand really screwing up people's lives with
hacking from serious motives because at worst you are a prankster.

That makes you a grey hat, at worst.

Kids do pranks. Adults don't.

<snip>

>
>> But, these guys? They are so stupid about what they are doing, everybody
>> knows whom they are. If they ever do do something, or ever make a real
>> threat... they will all be in jail.
>
>A real threat? You mean if they stopped threatening to cease all
>cooperation with whitehat pen-testing firms and sit on their code and
>knowledge <snip>


By your own definition, everyone whom posts on Bugtraqs is a
white hat.

You want us to sit on our knowledge. Sorry, but the oldest hacking
ethic I know is to reveal knowledge, not sit on it. 

You want to hide knowledge. For what reason? To carry out pranks?

Or, to continue in this whole worthless political battle that
eventually wins you fame for being a "real hacker".

We have seen it all before. Again and again, and again.

When you grow up, or stop living with your mom, you will have
to get a real job. Then, what will it be? Security industry? Or
flipping burgers? Or, *shudder* database programming?

BWAHAHAHA!! LOL!

Time is ticking down for you. Prison or a job.

A job or prison.

I admit, I find this entire thing interesting. When will you
guys do something bad? When will you guys stop playing kiddy
mail bombing pranks? When will you go to jail?

Or, when will you grow up and get over the whole SCENE, and
just move on and get a job doing what you have so judged and
condemned?

Sickening.


It is called hypocrisy. 


>
>> That crap is what destroys internet security. Ego freaks.
>
>It's humorous to hear you say the phrase "Ego freaks"...

Whatever. I am posting anonymously. People can take my claims
or leave them. The points are all that matter.

You are an ego freak. Changing the industry. Saving the internet.
The biggest bad asses on the block. The worst black hats, in your
own minds.

You joyfully post up every bit of media attention you get on
your pages. You love to hack these guys, then brag about it
endlessly.

But, you spend all day in IRC. I wonder how you could actually
get any work done. And, what work is that? Getting teenaged males
to ooooh and ahhhhh you?




>
>> 5. Fight Club was a great movie. These guys are bozos. They break the
>> first rule every chance they get like Bob with tits.  If I was so
>> inclined, which I am not, I would do it right... and destroy the credit
>> database, then switch the DMV records for everyone in New York state!
>
>The dripping irony of your conflicting statements has now reached its
>Zenith. You call yourself a whitehat, and claim to work with or for law
>enforcement, but then come off with what could be construed as a criminal
>conspiracy or at the very least demonstrate some premeditation on how you
>would "do it right", followed by the description of what would be a few
>major felonies. Bravo!

Of course, the concept of rhetoric has surpassed you in your
naivety.

Sorry, but that little heinous idea of mine was just to show
that I find the idea of you as being a black hat as ludicrous.

Seriously, it would be trivial for me to get ten k plus zombies
to knock out eurocompton [sic - on "compton" reference, these
are middle class white kids]. It would take a few hours to
write the code, and get the zombies planted. I don't do this,
though, kid, because my few hours are precious... and frankly,
I believe that I would rather see you little kids do something
really bad fast so you can get locked up faster.

Look, kid, you aren't a black hat, and shouldn't be beating
your chest. You are just a prankster. 

Maybe you will bust your cherry and do something really devious
and bad. I doubt it.

Okay, and honestly, what really holds me back from ddos'n
eurocompton.net is simply because I don't care enough. If
I truly believed there was no law, I would have to do such
things. But, there are cops which are probably working on
you guys already. That's their job. Their authority.

Jail is far, far worse than a humiliating DoS.

This is life, kid. Good guys sometimes beat up bad guys. The
real black hats whom are good are out there hacking terrorist
sites, Neo-Nazi sites, pedophile sites... or writing really
cool virus code and publishing it opensource. Like 29a.

You? You don't even understand what everyone else on the
planet does. Believe it or not, but your techniques aren't
new (as you so loudly proclaim), and I bet that you don't
even have any zero day. At all.


<snip>

>Once again, despite my telling myself "if this guy only knew", I really
>have to wonder what orifice you are pulling this stuff out of, and who
>exactly you are talking to or at?
>

Get real, scene whore. Unless you are going at the skanky
sex charts heroines, you probably haven't even been laid
before.




>> And, almost always they do this because they really wouldn't get laid
>> even if they could try out for the High School football team.  (Which,
>> of course, is not something they could ever accomplish).
>
>Football. Ahh, now you've hit a nerve with me at least, and you'll succeed
>in getting me off on you tangent. I mentioned my friend Brian was a Freak
>(like I am, and I mean this in the best sense of the word). He was murdered
>by a football player, and I've had other friends raped by them.

"I'll succeed in getting me off on you tangent", lol. 

Of course, I hit a nerve.

I am hacking your brain, moron. I can manipulate you like
a puppet on strings.

And now you rape systems.

RAPE, RAPE, RAPE, RAPE.

MURDER, MURDER, MURDER.

Y0 MOTHERFUCKER. WE ARE THE ELITE.

You are a wannabe.

We are the ones whom pull the strings. You are our cover.

LOL! 

What a pawn. If you only knew that I was one of your good
friends, you spineless idiot.



> I have no
>love for them. My description of football is this. A group of men in tight
>clothing take showers together, wearing tight clothes and slapping each
>other on the ass they take the field, they dash frantically after balls
>and madly run around throwing each other passionately to the ground and
>leaping on top of one another (sometimes refusing to get up), all the
>while grunting and groaning like oxen. At the end of the game they whisk
>off to the locker room for a final grand finale' in the showers. Beyond
>that, only speculation can determine what happens. However, as far as
>getting onto the football team in high school, or anywhere else I'd prefer
>to abstain. They may be "getting laid"  but I don't count soapy escapades
>with each other and the "coach".


Yeah, sports bore me, too.

How can these guys sit on these chairs and get so involved with
what team wins what?

Kind of like sitting in IRC all day and mumbling about
guys finding bugs. Getting bored, you go out and rape
systems.

You have learned a lot from the society you came from. Murder,
rape. O day. I 0wn ur A55!

You like to use the term "0wn" very much when you hack
into someone's system? Does it give you sexual pleasure to
do the backdoor rape routine?

Hypocrite.


>
>> Okay, so now that is on the table... it is true, some of us white hats
>> actually are good hackers, but not the best.
>
>Heh, I don't find it hard to believe that you aren't the best.

I bet. But, I can act like anyone I wish to act like.

Anyway, the truth stands, you guys don't have any zero
day.

Bugtraq posters post their zero day.

Whom should there be more respect for?


>
>> Yes, we make money and spend too much time with the ladies.  I am sorry.
>> Sue me. Oh, yeah, you can't from jail.
>
>At this point I'm too busy laughing to type properly. Please give me a
>minute to recover.


I am a funny guy.



>
>> 7. "White Hats are evil", oh, okay, right... so, why, little wussies,
>> are you messing with us if you know we are evil?
>
>We aren't. We (or at least I) want nothing to do with you.


Then don't pretend to speak for el8 or #Phrack "high council".



>
>> Heck, maybe we are working with your friendly IRC server admin or your
>> ISP right now against you?
>
>Great. Have fun, and good luck. May the best man win.


Okay, it is true. A lot of ex-football players join the
FBI and hunt down hackers to score a touchdown.

And, a lot of your friends when faced with jail or juvi
would gladly tell them all about everything you are doing.

Food for thought. It is the real world.

The clock is ticking.



>
>> Who knows what kind of dirty tricks we have up our sleeves?
>
>Oh, I've got a pretty good idea. I work with individuals not unlike
>yourself on a regular basis. As far as infiltration goes, I'd say that I'm
>way ahead of you in that game.


Really? 

And, I hang out all the time in #phrack under various names
and personas. Oops, the cat is out of the bag.

Glad to meet your acquaintance.



>
>> 8. I find it amusing how they claim credit for all of these security
>> holes, yet the actual number of systems they have hacked is so small.
>> Some people go, "Oh, uh, well, they hacked openbsd and k2, they are
>> scary, man, scary". Say what? And?
>
>You are looking for the lowest common denominators and judging the
>underground based on personalities and their exploits which are most
>likely the tip of the iceberg. I'm glad. The whitehat community needs a
>lot more people like you. However, I'm not sure if "the ladies" could
>stand it. If you knew as much about women as you intimate you'd probably
>realize that the kind of testosterone driven blather you've spewed here is
>the kind of thing that most women absolutely despise.
>


Whoa, there tiger. No need to get all defensive.

What I stated had nothing to do with women. Or football.

The number of systems you have hacked is small. Tinny tiny.

You are media whores. You brag about everything you get.

I wonder how long you have really been in the "underground".

Everything doesn't begin and end with #phrack. There are, believe
it or not, a lot of capable European, Russian, Korean, Vietnamese,
Chinese, American, Indian, Pakistani, Israeli hackers... whom you 
have never run across in all of your days in IRC.

Their numbers I believe. Most of them are not naive grey
hats like your posing, chest beating group.

You aren't doing anything new. You just think you are.




>> Do people really not get it that once, twice, five times a week a new
>> bug comes out from some low key, humble researcher which could have
>> hundreds of millions of systems?
>
>Your grammar and diction leaves a lot to be desired. I'm having a bit of a
>hard time trying to decrypt what you are getting at here. Maybe I'm just
>getting tired, though.


You are getting tired.


>
>> Do people not get it that we whom post these vulnerabilities could hack
>> your systems, could hack EVERYONE'S systems -- but DON'T?
>
>"we whom post" ? Are you intimating that you can write an exploit? Oh
>please say yes, and we can have a nice long talk about x86 ASM, or would
>you care to demonstrate how to, for example, overwrite an atexit()
>function ptr or pointers in GOT table? I'm sure, based on your
>demonstrated brilliance that you could add something insightful to such a
>discussion.


Talk is cheap. Especially from a kid whom uses hacker speak.

Let me give you a clue in... security bugs are not so easy to
find... not remote, root exploits.

I know plenty of guys that have a lot of talk and a lot of
good ideas. But, they are... flakes. They can't really find
any security bugs, they don't have the patience... the instinct.

They can write some exploit code. But, day in, day out, finding
bugs? It interferes with their scene whoring and media pimping.




>
>>  - the FBI, the lazy, gutless goofs that they are for not locking them up
>
>Yes, being all "terrorists" I'm sure you and many others would like to see
>that.

Where did I say "terrorist"?

You are thinking too much of yourself. Wannabe terrorist, surely.

Prankster shoes, fit you. Grey hat is firmly on your head.


>
>>  - Qualys and ISS (whom, by not firing these criminals show themselves
>> up to be utterly unethical, which is absolutely unacceptable in
>> companies you are supposed to trust with your important data and
>> secrets)
>
>Once again I applaud these kind of folks. To be a cancer that eats the
>corporatist system from the inside out is powerful good ju-ju..
>


So, how are they a cancer? They break into the companies they
do pen testing for? When they look at applications, they find
zero day and keep it to themselves?

Maybe they just don't do any work, and keep the paychecks?

You are right, they are a cancer.

Or, poseurs.


>
>> Hey, we the bug finders, aren't asking for much. Most of us have worked
>> shit jobs. We don't get much credit for our work. We rarely get much
>> pay. Script kiddies base their entire reputations on our work... and
>> always have.
>

<snip>

>
>> But, to claim we buy these kid's exploits, or any crap like that? To
>> claim that we steal from them, when they steal from us?
>
>You (whitehats) steal from us (blackhats). Simple as that. The proof is in
>the pudding. Every major pen-testing firm has the greater part of their
>arsenal due to the efforts of researchers, many of whom are blackhats. 


All of the pen testers get ALL of their stuff from researchers whom
are part of Full Disclosure.

Black hat, grey hat, white hat... forget it. It all comes from
Full Disclosure. 

And, the script kiddies get everything from full disclosure.

And, you are opposed to full disclosure.

I don't blame you. It is hard to compete on that level. I
can understand why guys like you wash out and stop doing it.

It isn't the pen testers that are biting the hands
that feed them. It is this certain group of script kiddies to
which you belong -- be you a full disclosure traitor or not.

You keep talking the talk, but where are these great zero
day exploits? You rely on trojanizing binaries, and at best,
have written exploits from bugs posted by your enemies on
full disclosure lists.

Ah, the "tip of the iceberg" FUD, again? Okay. 

The clock is ticking, big talker.

I hear dem prison boys yelling for ya.

The real compton mofo's are ready for ya.


Now, back to the conversation I was having on #phrack...

Signed,

Lamont Cranston




