Message-ID: <F313SOlbpH71yEXUIEA0001e9f5@hotmail.com>
From: democowx86 at hotmail.com (democow the happy cow)
Subject: <Format-Fix> Re: Beyond black, white, and grey: the
Yellow Hat
From the desk of democow….
/*unfortunately for most of us we depend on someone else at some point to be
as security minded on their systems as we are on our own, life doesn't
always work out the way we would like. What is distressing though is seeing
someone, specifically "hellnbak" who has recently owned up to being one of
the learned through using security lists, now groveling at the "phrick" feet
*/
now in a little defense of hellnbak he did not show any support of #phrack
he was on the other hand making comments on how the current manifestation of
the infosec industry uses deceptive and one time flat out unethical sales
practices
although I do welcome his opinions
/*
awww shucks trying to cover your own "sell out behind". Posting what seemed
to be a private email just to make yourself look sincere is beyond sad.
Might know more than you care to admit about that back stabbing comment you
made on a personal level eh? I have yet to see a contribution to this list
from Steve aka hellnbak other than a lot of comments, and his often offered
$0.2. How many times have you posted a fix for anything? */
and I hope he doesn’t…
/* Isn't that the argument of all security consultants? But back to my
point, the above is quite a change from how "hellnbak" felt back in August:
<snip>"Tell me, based on the PHC definition of a hacker -- one who breaks
into boxes, are you a hacker? If so, then I have to thank you for the long
term employment you have given me. You guys are not the solution, you are
part of the problem. Maybe even the root cause.</snip> */
people tend to change their mind when they give a subject a second look,
this may be true in the case of hellnbak.
We are using this list to convey our message, in our opinion that is the
only good reason for this list's existence
/* "Several recent studies have shown that one in every 4 Americans
suffers from some form of mental disorder. Think about that, if 3 of your
friends seem normal, then you must be the one." */
I think that only applies to you mate
-
I would also like to add something new to this “debate” do any of you
whitehats out there even consider what jackasses you are? When you discover
a new class of vulnerability in software applications you post information
about it (buffer restriction problems..etc) that I don’t have a huge problem
because it allows programmers to become more aware of problems they should
try to avoid in their code.. but then you take software that people have
worked very long and hard on and try to find minuscule problems within it
then after you do that what do you do?
You post the problem on a mailing list or try to contact the people who made
it, but if they don’t respond to you in the way YOU want them to, you
slander them for it on mailing lists… one of the more recent examples that
comes to mind is the IE ssl certificate authority issue that ms was not even
contacted about
Now I know some whitehats do contact the vendors in a more respectable
manner now-a-days but as soon as the vendor sends out a patch they just
choose to give out almost every little detail on how to exploit the problem
to public lists.. sometimes even PoC code that is just an exploit that
crashes the program in question, or runs some sort of dumbed down shellcode
is given out to the public.
Considering that there is almost no chance that every user of the vulnerable
product had almost no time to patch the problem or be alerted of it… why do
whitehats feel the need to let the public know how to take advantage of
something like that? How is that improving security?
-democow
“a cow for every generation”