From: hellnbak at nmrc.org (hellNbak)
Subject: Beyond black, white, and grey: the Yellow Hat Hacker

On Mon, 18 Nov 2002, Ron DuFresne wrote:

> Oh yes, it's very important to give these kids that sit in efnet #phrack
> all day discussing the 'glorious' escapades of the DC snipers, or how they
> can't wait for the next WTC terrorist fiasco to strike.  Giving them a
> platform to further their rants about an industry that have never had an
> interest in supporting because it limits their abilities to commit internet
> mayhem has no merit.

Are you really naive enough to fall prey to their shock tactics?  Come on,
hasn't Marilyn Manson, and the WWE taught you anything -- the more shocking
and offensive you are the more people you will attract and the more
attention you will win.  Their rants -- when they are not trying to shock
people -- do have merit.  The security industry is falling into a horrible
state and I think it's up to all of us who truly care about security to fix
it.  I am just unsure how, so I for one am willing to put up with the
flames and the occasional shocks in order to hear others' opinions and
points.

> Of course Steve, you didn't ignore me when you made me one of the proposed
> speakers for your failed CSIC conference this year.  Go ahead, give these
> lamers a platform, encourage them.  But, please do it off list, why do you
> have to subject the whole list to these diatribes?

The talk you proposed was good enough to get past *all* of the reviewers
(not just me).  So what's the issue with that?  Yeah the conference failed
due to many factors, poor planning, high costs, among a few.  Live and
learn.  The point is Ron, you are fueling the flame wars with these guys
with responses that are nothing but flames, why not try and hear the true
message that they are getting across -- it's nothing new:
"The security industry is full of snake oil salesmen -- BEWARE".



>
> On Mon, 18 Nov 2002, hellNbak wrote:
>
> > On Mon, 18 Nov 2002, ratel wrote:
> >
> > First, ignore Ron -- everyone else does.  :-)
> >
> > > Desist what? I don't see why we can't have a reasonable discussion about
> > > the idea that putting exploits in the hands of script kiddies while
> > > cashing in and making a great show of how much you care about protecting
> > > security is hypocritical, that's all. I happen to think this is a deadly
> > > serious topic we can't afford to sweep under the rug just because we
> > > happen to disapprove of someone's elocution.
> >
> > I agree.
> >
> >
> > > Is calling oneself a blackhat really a prerequisite to despising
> > > derivative snake oil hucksters and back-stabbing money-grubbing frauds?
> > > It certainly shouldn't be. You'd think anyone who actually cares about
> > > improving security would find the current state of affairs every bit as
> > > nauseating and beneath contempt as the PHC.
> >
> > OK, I am confused here.  Gobbles tells me that I cannot be considered a
> > hacker because I don't break into people's systems (blackhat activity) I
> > secure them.  I am fine with that but yet I agree that there are *many*
> > "snake oil hucksters and back-stabbing money-grubbing frauds" in this
> > industry and they should be squeezed out of the industry - yet I am not a
> > blackhat, I am one of the hated whitehats I guess although I have never
> > labeled myself as anything but someone interested in learning.
> >
> > I do not agree that it means that we should not share information amongst ourselves
> > and system administrators.
> >
> > My problem with how this whole thing is playing out is that it seems that
> > the wrong people are being targeted.  Yes, ISS is an organization full of
> > slick talking salesmen who have no business even using the word security
> > let alone selling it and X-force is a joke.  But, I have seen firsthand
> > far worse companies and organizations out there.  Here is an example -
> > www.eeyenetworks.com (not to be confused with eEye although they would
> > like you to).  Go look at the google cache of their events page -- in
> > particular their Blackhat Windows 2000 claim and their claim to be
> > sponsoring/speaking at BH Windows 2003.  I emailed them asking about the
> > talk description as it was word for word copied from someone else's BH2001
> > talk and they ignored me but removed the description.  hmmmmmmm
> >
> > I have a real fucking problem with idiots who know nothing, understand
> > nothing, and won't take the time to try and learn it standing up in front
> > of IT people and selling them "security".  You are right, these people
> > care nothing for security and only care that this is the "next big thing"
> > to pad their wallets with.  Call me what you want (I know I will get
> > flamed) but at least I try to learn from the information everyone is kind
> > enough to share.  Some of us who you are tossing into the same bucket as
> > these assclown snake oil salesmen actually do truly care about security
> > and hacking for that matter.
> >
> > So instead of flaming and fighting on this list -- what the hell are WE
> > going to do about it?
> >
> > > Plugging our ears and patting each other on the back won't make anything
> > > about the situation better. Maybe encouraging more people to take a good
> > > hard look in the mirror about why they're doing what they do will.
> >
> > So, what do we do about it?
> >
> > > If my thoughts on this honestly strike you as being some part of a
> > > childish rant, so be it. If my failure to provide my real identity and
> > > credentials here bars my entry into the class of "serious people" worth
> > > considering, that's fine too. After all, we all have our own ideas about
> > > what makes someone a laughingstock.
> >
> > This isn't a childish rant.  It is the truth and the unfortunate state of
> > the security industry.  My problem with these rants is that no one is
> > willing to put their names to them.  Shit, for all we know you could be an
> > X-Force employee.  j/k  :-)
> >
> > > But I would hope that the message itself would be somewhat independent
> > > of the messenger, given that so very much hangs in the balance.
> >
> >
> >
> > --
> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> >
> > "I don't intend to offend, I offend with my intent"
> >
> > hellNbak@...c.org
> > http://www.nmrc.org/~hellnbak
> >
> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> 	***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D.  Just don't touch anything.
>

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak@...c.org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

