Open Source and information security mailing list archives
 
From: sockz at email.com (sockz loves you)
Subject: Are PHC going to ultimately secure more
    work for

----- Original Message -----
From: "James Martin" <me@...ppz.com>
Date: Wed, 18 Sep 2002 17:13:10 +0100
To: "sockz loves you" <sockz@...il.com>
Subject: Re: [Full-Disclosure] Are PHC going to ultimately secure more work for

> > i dont know many *suits* who are aware of the PHC.  sure a few
> > would exist out 
> True I suppose, but if PHC or any other "blackhat" group gain
> notoriety they will be used as an if not the example of the "lurking
> threat".

well thats not PHC securing more work for the security industry...
thats the security industry doing their thing isn't it...

> > the fault of the whitehat security industry panicking.  just because
> > al qaeda is probably the most known terrorist organisation on
> > earth, doesn't mean they are the most formidable.  there are many
> > other groups out there who aren't even mentioned, yet could
> > probably out-terrorise :) al qaeda.  catch my drift? al qaeda is
> > like the script kiddy organisation of the terrorist underworld. 
> Exactly! They might not be the best organisation, but they are the
> name which is bandied around whenever terrorism is needed to justify
> some action. In the same sense PHC if well known would serve the same
> purpose to the security industry.

ouch.  i doubt it.  but if that does happen, it will probably be more the case
that PHC becomes a front for other groups out there.  i think the main
difference between al qaeda and PHC is that PHC actually knows what they're on
about.  al qaeda didn't even come up with the WTC idea.  they stole it from
real terrorists.  catch my drift?

there have been so many lies conjured up about the real source of the WTC &
Pentagon attacks that it just isn't funny.  the US govt's reaction to the
attacks was something akin to the security industry's reaction.  you use this
event as a justification for a parallel action.  you prey upon society's
restricted access to information and feed them an almost completely different
version of whats really the truth.  is that necessarily right?  nope.
  
> > > Ultimately a threat is going to strengthen the industry not
> > > weaken it. Keep up the good work PHC, you're securing the internet
> > > ;P.
> > 
> > not really, seeing as the security industry can only protect its
> > clients against those bugs that are known.  i dont see it as being
> > that hard for PHC to come up with something original whenever they
> > want to make a point.  hence 
> Yes but every time they do, they will add to the justification for
> the paranoia on which the industry thrives.

dude, we both know that the security industry doesn't need real justification.
it can use lies just as effectively and get away with them.  this has worked
in the past, and will continue to work well for as long as the security
industry stands... insulting the very intelligence of humankind.  thats why
it all needs to stop.
 
> > a threat is just a threat, it doesn't strengthen anything.  the
> > only strength gained is when unique attacks occur, prompting
> > whitehats to investigate a new technique, at which point it becomes
> > redundant and probably wont be used by the group again. 
> > comprehend?  this brings us back to the original argument 
> This relates to new information/research. Getting companies to even
> consider security can still be very difficult. The bigger the threat,
> the more people who will patch, and the more demand there will be for
> security consultancy.

PHC is against the whitehat community before its against businesses (in
fact, i dont think it means to bother them at all, unless they're connected
to the security industry).  why would businesses need to protect themselves
against a threat that isn't even relevant to them?  its like selling tornado
or earthquake insurance in australia.

> > that the only strength the security industry has is in the ability
> > to palm off obsolete attacks as threats in themselves.  a scenario
> > in which the only ppl moving to execute these attacks are leeches. 
> > PHC has no need to leech. 
> Well if PHC is actively using zero day attacks and this gains
> notoriety, there will be more demand for the services of those who
> can "combat" this risk.

yes but you cant combat something if you dont know what it is.  the money
put into combatting 0-day exploits carries about the same efficiency as
hiring someone to sort through a barn full of hay, looking for that one
needle... *if* that needle is even in that barn... it could easily be in
the barn next door, or the one next to that.  and for all the time and
money you waste doing this... you get next to *nothing* :\