From: hellnbak at nmrc.org (hellNbak)
Subject: Beyond black, white, and grey: the Yellow Hat Hacker

On Mon, 18 Nov 2002, ratel wrote:

First, ignore Ron -- everyone else does.  :-)

> Desist what? I don't see why we can't have a reasonable discussion about
> the idea that putting exploits in the hands of script kiddies while
> cashing in and making a great show of how much you care about protecting
> security is hypocritical, that's all. I happen to think this is a deadly
> serious topic we can't afford to sweep under the rug just because we
> happen to disapprove of someone's elocution.

I agree.


> Is calling oneself a blackhat really a prerequisite to despising
> derivative snake oil hucksters and back-stabbing money-grubbing frauds?
> It certainly shouldn't be. You'd think anyone who actually cares about
> improving security would find the current state of affairs every bit as
> nauseating and beneath contempt as the PHC.

OK, I am confused here.  Gobbles tells me that I cannot be considered a
hacker because I don't break into people's systems (blackhat activity), I
secure them.  I am fine with that, but I agree that there are *many*
"snake oil hucksters and back-stabbing money-grubbing frauds" in this
industry and they should be squeezed out of the industry - yet I am not a
blackhat; I am one of the hated whitehats, I guess, although I have never
labeled myself as anything but someone interested in learning.

I do not agree that it means that we should not share information amongst ourselves
and system administrators.

My problem with how this whole thing is playing out is that it seems that
the wrong people are being targeted.  Yes, ISS is an organization full of
slick talking salesmen who have no business even using the word security
let alone selling it and X-force is a joke.  But, I have seen firsthand
far worse companies and organizations out there.  Here is an example -
www.eeyenetworks.com (not to be confused with eEye although they would
like you to).  Go look at the google cache of their events page -- in
particular their Blackhat Windows 2000 claim and their claim to be
sponsoring/speaking at BH Windows 2003.  I emailed them asking about the
talk description as it was word for word copied from someone else's BH2001
talk and they ignored me but removed the description.  hmmmmmmm

I have a real fucking problem with idiots who know nothing, understand
nothing, and won't take the time to try and learn it standing up in front
of IT people and selling them "security".  You are right, these people
care nothing for security and only care that this is the "next big thing"
to pad their wallets with.  Call me what you want (I know I will get
flamed) but at least I try to learn from the information everyone is kind
enough to share.  Some of us who you are tossing into the same bucket as
these assclown snake oil salesmen actually do truly care about security
and hacking for that matter.

So instead of flaming and fighting on this list -- what the hell are WE
going to do about it?

> Plugging our ears and patting each other on the back won't make anything
> about the situation better. Maybe encouraging more people to take a good
> hard look in the mirror about why they're doing what they do will.

So, what do we do about it?

> If my thoughts on this honestly strike you as being some part of a
> childish rant, so be it. If my failure to provide my real identity and
> credentials here bars my entry into the class of "serious people" worth
> considering, that's fine too. After all, we all have our own ideas about
> what makes someone a laughingstock.

This isn't a childish rant.  It is the truth and the unfortunate state of
the security industry.  My problem with these rants is that no one is
willing to put their names to them.  Shit, for all we know you could be an
X-Force employee.  j/k  :-)

> But I would hope that the message itself would be somewhat independent
> of the messenger, given that so very much hangs in the balance.



-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak@...c.org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
