Message-ID: <002401c25f34$545b4180$3602a8c0@securitytimes.com>
From: nfernandes at securitytimes.com (Nuno Fernandes)
Subject: Are PHC going to ultimately secure more    work for

PHC is a terrorist network, it's just done over the Internet.


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of sockz loves you
Sent: Wednesday, September 18, 2002 9:44 AM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Are PHC going to ultimately secure more work for

----- Original Message -----
From: "James Martin" <fulldisclose@...ppz.com>
Date: Mon, 16 Sep 2002 12:54:22 +0100 
To: <full-disclosure@...ts.netsys.com>
Subject: [Full-Disclosure] Are PHC going to ultimately secure more work for "Security Consultants"?

Hi James.

> I've been pondering the real effect PHC are going to have (if at least
> partially successful) on the "Security Industry". My conclusion is that
> ultimately they will help, not hinder the industry. I'd be interested to
> hear your comments on my argument.

likewise.  i think i've made a few good counter-arguments in my reply, but
i would certainly be interested as to what you (and others) think.
 
> What does the industry rely on to maintain a market? Fear. Fear of breaches
> of privacy. Fear of vandalism. Fear of embarrassment. Fear of loss of
> productivity.

hmm... i see.  fundamental but true.

> For a company to invest in maintaining security, they must be able to
> justify their fears. As many of you know it can be very difficult to
> convince those in suits that there's a real risk of being hacked. A tangible
> representation of the risk is often needed, rather than just protecting
> against an unknown enemy.

i don't know many *suits* who are aware of the PHC.  sure a few would exist out
there somewhere, but business people tend to want to focus on things in the
business scene, not the computer security scene.  that's why they hire security
"professionals".  because they don't have the time to waste on the job
themselves.  hence if the business person hasn't got the time to keep up with
first-hand information about the hacking community, then they become heavily
reliant upon the security people they contract.  which ultimately brings us
back to the point that it's the security industry that generates this
paranoia.

> If PHC et al succeed in building a name for themselves in the media, they
> will become the Al Qaeda of the security industry. Still very sketchy in
> detail, but a label for the risk. This in my opinion should prove a powerful
> weapon in the arsenal of those pushing for larger (or even some) budgeted
> capital for security related services.

why do you attempt to demonise PHC by likening them to a well-known terrorist
network?  it doesn't help your point at all.  if this DOES happen it will be
the fault of the whitehat security industry panicking.  just because al qaeda
is probably the most known terrorist organisation on earth, doesn't mean they
are the most formidable.  there are many other groups out there who aren't
even mentioned, yet could probably out-terrorise :) al qaeda.  catch my drift?
al qaeda is like the script kiddy organisation of the terrorist underworld.

> Ultimately a threat is going to strengthen the industry not weaken it. Keep
> up the good work PHC, you're securing the internet ;P.

not really, seeing as the security industry can only protect its clients
against those bugs that are known.  i don't see it as being that hard for PHC
to come up with something original whenever they want to make a point.  hence
a threat is just a threat, it doesn't strengthen anything.  the only strength
gained is when unique attacks occur, prompting whitehats to investigate a new
technique, at which point it becomes redundant and probably won't be used by
the group again.  comprehend?  this brings us back to the original argument
that the only strength the security industry has is in the ability to palm
off obsolete attacks as threats in themselves.  a scenario in which the only
ppl moving to execute these attacks are leeches.  PHC has no need to leech.

anyway, i'd be interested in hearing your thoughts on this.

<3 sockz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

