Message-ID: <Pine.BSF.4.44.0212130252200.19127-100000@hackmania.net>
From: algernon at hackmania.net (algernon)
Subject: RE: Security Industry Under Scrutiny #3

Been quite some time since I posted to a list,
but I couldn't resist...

sockz/verb wrote:

/*
 $security_flowchart_things_1-4

\*


 STOP

 Do these flowcharts NOT resemble an almost identical model to "trickle
down economics" or basic human sociology??

( refer to whatever sociology, journalism or history fodder they spoon
feed you @ your local thought and consent manufacturing .edu these days
for a primer)


 I think here is a place to stomp out the "politics don't belong on
full-disclosure" whining from the list by making a contextually apprope'
comparison. If you do not add government control (or lack thereof) over
communication protocols and their direct, correlative legal and political
counterparts in THE REAL WORLD to the equation, you are only lying_to_
yourself. Only when we fully realize all factors in this arena can we
effectively take action towards some sort of mutually agreeable
reformation process.



/* Begin Criticism


>There are a lot of bad people out there.  People who spoil the fun for
>everyone. We need to design ways of transmitting information about security
>to people who can _improve_ security and NOT destroy it. Otherwise the
>entire system fails.


/* Bad_People_Rant

Who exactly are the "bad people" you speak of?

 a) Are they dot-slashers who mass-deface and send "Sh0u7z 70 411 m4h
p47n4z", and usually do no truly tangible damage besides harming the
reputation of the prey? Yes, this can add up to $ if the prey has built its
name on some sort of security reputation, but this is the exception to
the rule.

   You could also retort on behalf of commerce-driven sites that scream
outrageous and farcical revenue losses due to existing or future consumer-base
mistrust of online financial transactions, but:

     i) The big 3 CC companies have made it very well known that they have
        the consumers "back" on electronic purchases with well-crafted
        media campaigning.

    ii) If you look at the hard data , e-commerce fraud is a minute
        portion of the big 3's yearly deficit reports. ( see friend edgar and
        gewgle)

   iii) Premium adjustments ( raising of insurance rates) after a system
compromise are not_that_bad.

 b) Is it the blackhat movement: who code, compromise and reside on
systems in, on and about the www? Wait a sec.... I thought you were for
that. Please clarify on which side of the fence you reside because you are
beginning to taste a little lukewarm.


 c) The nice folks who would force hardware vendors to manufacture a
universal, mandatory firmware backdoor for their systems to keep us all
honest?

    (see 107th Congress 2nd Session s.2048)
    I have a local copy at http://www.tinfoilhat.org/s.2048.html

 Myself, I consider quantity (c) "bad people", and quantity (a)
 a minor annoyance at best.

 /* End Rant


>To abruptly CONCLUDE, I'd like to SUMMARISE with my MAIN POINTS:

 As would I.

 I realize that one person cannot assume the voice of a group,
 purpose or ideal, but when disseminating opinion of this nature I would
 suggest a group consensus of some sort lest one opinion be misperceived
 as a mission statement.

 I truly enjoyed several of your arguments and thought processes on this
 list, as well as your charming chivalry with the pen, but this seems to
 be some kind of 180 unfortunately.

 I very much support anti-whitehat activities and the dissolution of the
 "security industry" in its current incarnations.


>1. I make cute ascii diagrams, doncha think?

 Yes you do. I hope you don't mind me taking a little liberty with the
design.

>2. We need to place better control measures in the following areas:
>       a) What moderators consider to be "acceptable" advisories
>       b) On whitehat websites that provide proof of concept code
>       c) Lists in general, because they are read by evil ppl and not
>just good

  SIEG HEIL!


>3. The security industry is getting a bad name for itself because of
>money grabbing "security consultants" and participants who leech
>information to be used for malicious activities.  We need
>to find a way to remove these kinds of people from the system.


Ban human nature?
Perhaps a verichip mod that curbs greed mechanism in human lizard brain?
Perhaps you also support the Human Genome Project.
SIEG HEIL !

>So what am I calling for here?
>
>A new industry standard for operating business?
> Yes.

agreed.

But like the phoenix, she must be burned before rebirth.


>Tighter cyber-laws for websites that seem to tell ppl "how to hack"?
> Yes.

 ALL HAIL TOM RIDGE! ALL HAIL OPERATION TIPS! ALL HAIL D.O.H.S.!
 SIEG HEIL! SIEG HEIL!SIEG HEIL!SIEG HEIL!SIEG HEIL!SIEG HEIL!

 Pardon my sarcasm, but war on info sec does not have to = dissolution of
freedom.

This is always a bad idea. ( see: a young, vibrant book-burning National
Socialist Germany in 1938)


>Computers and the internet were created to communicate and experiment.
>We have turned them into vehicles for profit and malicious intent. As long
>as we are supporting and communicating to those people who are destroying
>our society, we are communicating our _consent_ for them to continue making
>things worse. You say "information wants to be free", but what's the point
>in releasing something into the wild if it's going to be captured and
>trained to rape and pillage?

I somewhat agree with the sentiment here, but based on a majority of this
writing, I question your judgement on who the people "destroying our
society" truly are.

Who is John Galt?

/* random schizoid babbling
13 thrones ( colonial america ) to rule them all
13 arrows in the claw of the currency crow to penetrate them all ( eagle
on the back of the $1 bill)
13 root name servers to bind them all

13 steps to nowhere
*\
---------------------------------------------------------------------
Vauis Vauis Vauis , Vau-imor Wa-wim
                          .:.
"Et servientem corpori absolve vinclis saeculi"
------------------------------------------------------------------------
gpg block:http://www.tinfoilhat.org/algernon@hackmania.gpg

pub  1024D/B4ED2B40 2002-11-27 Algernon D. Wardenclyffe (S-Pen I.S. Non
Profit)
<algernon@...kmania.net>
Key fingerprint = 8B69 5B3A 7A1F EB5F 036B  9DBC EEBE AFB6 B4ED 2B40
sub  2048g/50412FBC 2002-11-27