lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200211181612.55842.ka@khidr.net>
From: ka at khidr.net (Ka)
Subject: Security Industry Under Scrutiny: Part Two

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

First of all a personal remark:
Ka doesn't love you, and thinks you can do quite well
without his love anyway .o)


But: Sockz and list, my respect.


Have you observed, that the more similiar some 
groups of people are, the eager they are to fight each 
other? Like Iran and Iraq - like Christians and Moslems -
like Black-Hats and White-Hats. Family fights.

Basically what is actually done by Black-Hats and White-Hats
is the same thing: find holes and patch them (or is it not
among the first things after a server is owned that the
known software holes of the server are patched?).

The only difference lies in the individual attitude,
and even that may very well differ from instance to instance.
But it is my opinion, that individuality cannot be governed
by ethics finally.


When the situation develops into a war between individual
freedom against organized (governmental or criminal) "order"
we will need each other - regardless of the color of our
hats (if any).


> Why would the government want to create fear?
> Because catastrophes are good for the economy.

And good for the self-image of the president and the citizens. 
What else does some president have, if you take that label away?
What else do those who spell Citizen with a capital 'C' have,
when you take that away? Then suddenly one is just as human
as his enemy.


> What we DO need is to redesign the current system to remove
> vulnerability information from the eye of the general public... 

This is not possible. Just one single person, just some intentional
or unintentional misuses of the information breaks the whole system.

The alternative is to have more responseable individuals
and more secure systems. For both as much information-exchange
as possible is needed - not only technical information btw.,
but this individual opinions as well (which are often called
"off topic", but which are part of the neccessary 'handicraft'
or 'brotherly' exchange IMO). Including verbal fights now and 
then, including playing jokes with fake emails, including even
some stupid remarks of this old baldhead me, why not?


No system can function responseably if there are no response-able
individuals.


Worms or Script-Kiddies are just part of the background sounds
of the internet djungle, they serve their purpose. No need to
"fight" them, just protecting against them is sufficient. 
Real threats come from bigger animals, come from bigger organizations. 
No man should tell another man what to do, but I think we 
would be all better off with an internet which is not too much 
regulated by law or tied up by big "systems".


Greetings
Ka
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE92QNu72vu22ltWBERApEqAJ0dfivLaS/8tHq51wqvJqXBdlWtqQCfcKvY
KOEpH0a2cJAEdFLtwp1/PhA=
=yNB0
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ