lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200211190310.53029.ka@khidr.net>
From: ka at khidr.net (Ka)
Subject: RE: Security Industry Under Scrutiny: Part Two

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings to all.

> Ka> Basically what is actually done by Black-Hats and White-Hats
> Ka> is the same thing: find holes and patch them ...
democow> I find this to be totally untrue, in some respects the methods
democow> that black\white hats go about to discover and find information 
democow> about a cretin subject is quite the same. But the intentions 
democow> are entirely different. And the repercussion of actions of the 
democom> part of each is entirely different.

They are different, yes, but not entirely. From my perspective the
differences are smaller than the similarities - for example if compared
to the unprofessional lame sysadmin running a worm-mothership for months.

And how do you call the IT professionals who set up the Echelon project -
white hats? I don't.

Just let the present situation develop a little farther and have government
agencies really _use_ the full scanning and observation sytems they are so
eager to set up. I mean: use them against you. On which side would you be?


democow> what is it that a person judges himself by if not his ethics, 
democow> and the ethics of the people he\she chooses to be around?

Through his conscience and by his consciousness. Preformulated ethics
or peer-group ethics are unusable finally - emphasis on 'preformulated'.


democow> people hang around like minded people..
democow> And in this community that is usually based on ethics your 
democow> choice of words here is quite odd, and reflects your 
democow> misunderstand of the situation at hand

'mind' as well as 'ethics' is old software and judged by the 
global results we have achieved in 2000 years I wouldn't even 
call it an alpha version.


democow> [about responseable persons] and what do you think the 
democow> white hats are my friend

Responseable persons - responding in-line with law. I think not 
all of them would be equally ethical if the law was different.
Just a little change in the outside situation will show who
is what. There is no line in nature between white and black
or between one country and the next. Just remember Antrax.


democow> we are in no way telling people what they should, 
democow> should not do we, we are not trying to control anything 
democow> other then information flowing to people that should not 
democow> access to it , as well as making sure that anyone who 
democow> plans to let said information flow into the general stream 
democow> knows the repercussions an event like that would have..

Are you sure, that you know the repercussion (gee - I just learned
a new word!) of this information control you are suggesting?
And - do you really think such a thing could be done at all?

If it could be done, I would understand the discussion (and I would
still hold on to my standpoint). But it simply cannot be made.
Just wishful thinking. Politics - far away from reality, trying to
suppress freedom in the name of freedom, hastily running to do something
against problems which have their very roots in politics.

Mindful - hmmm, not even alpha.


democow> Just because script kiddies are not that bight.. That does
democow> not stop them from their actions and the money spent not
democow> only to stop them.. But of the financial loss of regular 
democow> consumers.. Due to credit card fraud.. 

HA! Script kiddies creating financial loss through credit card fraud?
On what planet are you living? The big fraud is done by the companies
(e.g. sex sites) who offer their services through credit cards and
just "forget" to set up propper cancellation, because they know that
their customers are not going to reclaim too loud (or as I would phrase
it: who know very well, that their customers are slaves of their 
sex-repressive pseudo-ethics).

But after all, script kiddies have their own clientel, namely lame
sysadmins and spammers. Let them fight it out among each other.

democow> Down time.. etc, 

Ignorance and lazyness are not playing their part in this?
Including the ignorance of the IT professionals at large, 
who have not setup the protocolls correctly or are unwilling
to improve them out of "cost/effectiveness calculations"?


democow> As well do not forget what socks said, that they are 
democow> in part responsible for the harsh laws being implemented

Holla! For such a sentence you even need to hide behind 
sockz words. I better stop here, I think...


Ka
- -- 
http://www.khidr.net/users/ka/pgpkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE92Z2k72vu22ltWBERAr/aAJ0c+H7gnHRDvt56siZBH/PbR8ndBACfQV4p
Y790YGSh8a63o7wxvzDRgOw=
=axTD
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ