lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20020819043337.723.qmail@email.com>
From: sockz at email.com (sockz loves you)
Subject: (no subject)

----- Original Message -----
From: "Matthew Murphy" <mattmurphy@...rr.com>
Date: Sun, 18 Aug 2002 09:51:02 -0500 
To: <full-disclosure@...ts.netsys.com>
Subject: Re: [Full-Disclosure] (no subject)

> >whitehat using outlook express.  hehe, gotta love the irony in life.
> 
> Your point?  OE was free, and came installed on my machine (which was
> important on my 28.8 kbps connection, which I have happily ditched now),
> it's fast, and actually, OE 6 makes some nice security/privacy improvements
> over previous versions, and I can access Hotmail from it, which is a plus.
> Actually, if you keep your client patched (which us pretty easy with a
> couple of apps named "wuauboot.exe" and "wuauclt.exe" from Microsoft that
> *also* came conveniently installed as "Windows Update Automatic Update"),
> and you have enough common sense not to go double clicking on every other
> attachment you receive, OE is just as good as (and usually better than) many
> mail clients.

kids these days have no appreciation of just how fast the internet is.
dude, i was downloading openbsd on a 33k modem only a few months ago... i dont
see how your point is very valid.  i mean, we're talking about an email
client here, not an entire operating system.  hotmail is as buggy as outlook
express, and as for windows updates... well, i can honestly say that i'd
rather patch windows myself, microsofts "updates" seem to cause more problems
than they fix.  perhaps outlook express is good.  perhaps its not.  i just
found it funny that someone like yourself was actually using the product given
its sullied reputation in the security industry.

> I wouldn't be protected against it if the details weren't made public and
> fixes made
> available to me.  Just FYI blaming the industry for the proliferation of
> security info
> is not a very good way to look at this.  Vendors should have written secure
> code
> in the first place, so such vulnerability information would never have to be
> distributed.

incorrect.  vendors are just human.  do produce code that perfect you'd end
up paying a whole lot more.  my method works better.  dont approach the
whitehat community with your bug.  go to the software developers directly.
and no one else.  that is, assuming you want to tell anyone at all... which
i dont personally advocate but we have to be realistic here... some ppl
wont let go of ethics, and i understand that.  you're probably a good
example.

> Let me provide you with a rather incredible piece of information on this
> subject --
> the list will *never* be moderated.  Plain and simple.

you have said this a number of times.  as have other people.  its not all
that incredible.  really.  in fact i'm starting to wonder if this is the
only line of defence you whitehats have.  to cling to your precious list
and scream in a whiney voice "we're not leaving".  hell, i dont expect
you to.  thats far to simple a solution.

> >glad to see we have another supporter then.
> 
> I'm not planning on leaving any time soon...

thats the spirit! 
*hands you a pint*
*takes it back*
you _are_ old enough to drink in your state, right?

> These "phrack" idiots are spoiled children -- whine about everything, and
> act like
> they have some level of importance in the world by way of a pitiful attempt
> to
> destroy another sign of progress in information security.

you dont read much do you, Matthew.  i mean you're not into philosophy or
sociology a whole lot are you, really.  its a shame i dont have more time
to explain in detail just how much of a difference the PHC will make in
the long run.  i'll try and make some time over the next few days to spell
it all out for you.  stay tuned :)

> You referred to the list (the list *named* "Full-Disclosure", btw) as a
> middle
> ground between those in support of Full-Disclosure and those who aren't.  I
> don't think we would have named such at it is if it were a "middle ground",
> correct?

definitions change.  discussions on *Full-Disclosure* to date have already
covered this phenomena.  embrace change, Matthew, dont push it away.

> You don't have to be fighting a war to be determined, as is true in this
> case.
> I am (don't know about you) determined not to let a bunch of bored, anti-
> social losers force this list into moderation.

if that comment is supposed to be directed at me in some way, then i must
protest.  i'm not bored.  in fact i'm taking time off work to post here
so i'd appreciate a bit more respect thanks.  and the reason why i am so
damned anti-social is because i work harder doing what i do than you ever
will.  going *outside* is not something one considers when they're working
24hr schedules inside.

> >oh i agree.  i'm much prefer to see this list turned into an anti-whitehat
> >discussion list.  seems like much more of an appropriate place than a newer
> >list for sure.  i mean, this list is much more known than a list that
> hasn't
> >even been created yet.  and its audience is probably more likely to be less
> >fearful of involving itself, than say, if this list were renamed to
> "WHITEHAT
> >HOLOCAUST".  dont you agree?
> 
> You won't have a whole ton of support on that one, I'm afraid... (definitely
> not any from me) :-)

and i'm seeing this exemplified how?  on the one hand you're saying you're not
going to leave... on the other you say you're not going to support the list...
i'm getting conflicting messages here, Matthew.
-- 
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ