lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <F5930PmsVV7eG5jnKA600025157@hotmail.com>
From: b0iler at hotmail.com (b0iler _)
Subject: RE: Please post to the list

>I received one response (so far) to my request to explain how "black
>hats" would propose I keep my network secure.  I would appreciate it if
>responses could at least be cc'd to the list so they can be discussed
>openly.

>My request still stands.  Any takers?

I'll take the bait.  This is a pretty nonsense question.  Of course if it 
was up to a blackhat they would allow you to have an insecure network.  But 
lets think for a second about a few common goals of some blackhat actions.

way #1 for blackhats to secure your network:
Take down the network.  No network = secure network.  Many blackhat's goal 
is to DoS the network so it cannot be used.

way #2 for blackhats to secure your network:
Comprise it and then improve security.  Once a blackhat has control of a 
system then they tend to want to keep it away from other blackhats, so they 
will secure the system moreso than it was before.  (who says blackhats have 
to cause damage?  there are good blackhats with the ethic of doing no 
damage.  some even break in just for fun!)

way #3 for blackhats to secure your network:
Tell you about it.  Not all blackhats want to break into every box.  Some 
only have a few targets and do not care about any other systems.  Some are 
nice people, who don't always play by societies views of what is right and 
wrong.  - depends on how you define blackhat/whitehat.

Some say whitehat = anyone who helps security at all and blackhat = anyone 
who hurts security at all.  (aka (in idiots terms) greyhat).

Others say whitehat = anyone who helps security without ever hurting it and 
blackhat = anyone who hurts security without ever helping it.

way #4 for blackhats to secure your network:
Comprise it and get detected.  This will cause your boss or yourself to 
force security to be improved.  May even point out something which you did 
not know was a problem before.

Blackhats are not one group of cookie cutter people.  Their goals, ethics, 
and techniques vary.  Not all of them want to cause harm.  Not all of them 
want your box to be insecure. Same with whitehats, not all wish to make 
money.  not all are script kidies.

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ