From: gml at phrick.net (rrm)
Subject: Beyond black, white, and grey: the Yellow Hat Hacker

*hat/hacker/cracker etc... are all useless terms now.  we should be more
innovative and redefine everything, screw the past.

peace

hellNbak wrote:

>On Mon, 18 Nov 2002, ratel wrote:
>
>First, ignore Ron -- everyone else does.  :-)
>
>>Desist what? I don't see why we can't have a reasonable discussion about
>>the idea that putting exploits in the hands of script kiddies while
>>cashing in and making a great show of how much you care about protecting
>>security is hypocritical, that's all. I happen to think this is a deadly
>>serious topic we can't afford to sweep under the rug just because we
>>happen to disapprove of someone's elocution.
>
>I agree.
>
>>Is calling oneself a blackhat really a prerequisite to despising
>>derivative snake oil hucksters and back-stabbing money-grubbing frauds?
>>It certainly shouldn't be. You'd think anyone who actually cares about
>>improving security would find the current state of affairs every bit as
>>nauseating and beneath contempt as the PHC.
>
>OK, I am confused here.  Gobbles tells me that I cannot be considered a
>hacker because I don't break into people's systems (blackhat activity) I
>secure them.  I am fine with that but yet I agree that there are *many*
>"snake oil hucksters and back-stabbing money-grubbing frauds" in this
>industry and they should be squeezed out of the industry - yet I am not a
>blackhat, I am one of the hated whitehats I guess although I have never
>labeled myself as anything but someone interested in learning.
>
>I do not agree that it means that we should not share information amongst ourselves
>and system administrators.
>
>My problem with how this whole thing is playing out is that it seems that
>the wrong people are being targeted.  Yes, ISS is an organization full of
>slick talking salesmen who have no business even using the word security
>let alone selling it and X-force is a joke.  But, I have seen firsthand
>far worse companies and organizations out there.  Here is an example -
>www.eeyenetworks.com (not to be confused with eEye although they would
>like you to).  Go look at the google cache of their events page -- in
>particular their Blackhat Windows 2000 claim and their claim to be
>sponsoring/speaking at BH Windows 2003.  I emailed them asking about the
>talk description as it was word for word copied from someone else's BH2001
>talk and they ignored me but removed the description.  hmmmmmmm
>
>I have a real fucking problem with idiots who know nothing, understand
>nothing, and won't take the time to try and learn it standing up in front
>of IT people and selling them "security".  You are right, these people
>care nothing for security and only care that this is the "next big thing"
>to pad their wallets with.  Call me what you want (I know I will get
>flamed) but at least I try to learn from the information everyone is kind
>enough to share.  Some of us who you are tossing into the same bucket as
>these assclown snake oil salesmen actually do truly care about security
>and hacking for that matter.
>
>So instead of flaming and fighting on this list -- what the hell are WE
>going to do about it?
>
>>Plugging our ears and patting each other on the back won't make anything
>>about the situation better. Maybe encouraging more people to take a good
>>hard look in the mirror about why they're doing what they do will.
>
>So, what do we do about it?
>
>>If my thoughts on this honestly strike you as being some part of a
>>childish rant, so be it. If my failure to provide my real identity and
>>credentials here bars my entry into the class of "serious people" worth
>>considering, that's fine too. After all, we all have our own ideas about
>>what makes someone a laughingstock.
>
>This isn't a childish rant.  It is the truth and the unfortunate state of
>the security industry.  My problem with these rants is that no one is
>willing to put their names to them.  Shit, for all we know you could be an
>X-Force employee.  j/k  :-)
>
>>But I would hope that the message itself would be somewhat independent
>>of the messenger, given that so very much hangs in the balance.

-- 
------------------------------------------------------------------------

|Raymond Medeiros|w : phrick.net <http://www.phrick.net/%7Egml>|e : phrick.net <mailto:ray@...ick.net>|e : style.net <mailto:ray@...le.net>|   

