Message-ID: <3E13737F.19730.2FBD2B1@localhost>
From: cta at hcsin.net (CTA@...IN.NET)
Subject: BlueBoar - 'Evil' Vendors Strike Back


On 1 Jan 2003, at 21:34, Florian Weimer wrote:

To:             	"Dehner, Benjamin T." <Btd@...mont.com>
Copies to:      	full-disclosure@...ts.netsys.com
Subject:        	Re: [Full-Disclosure] BlueBoar - 'Evil' Vendors Strike Back
From:           	Florian Weimer <Weimer@...T.Uni-Stuttgart.DE>
Date sent:      	Wed, 01 Jan 2003 21:34:58 +0100

> "Dehner, Benjamin T." <Btd@...mont.com> writes:
> 
> > This seems to be equivalent to saying the policemen are the
> > cause of evil in our society.  If everyone was a law-abiding
> > citizen, they would be out of business, so they actually
> > encourage crime.
> 
> Law enforcement is not a business.  Many parts of computer
> security are, and I too think that's part of the problem.
>
bhH>>>in
I strongly disagree with your statement that Law Enforcement is not 
a business. Furthermore, as a bhH (Bald Hatless Hacker) I need to 
vent. 

Just as there are egotistical bombastic zealots in the commercial 
Security and Chaos (those who practice the art of Origins of 
Disorder) sectors, there exist those investigators and prosecutors in 
law enforcement who are the primary origins of disorder.  

First consider this…
Could the reason why the DOT com bubble burst, and Enron, Tycos, 
and other corporations were raped be that these CEOs and 
Directors, and Investors have chosen the wrong or no reason to be 
in business? That is, the focus of business has been on making 
money, and not on honestly fulfilling a want or need. If the single 
reason for being in business is to fulfill a real want or need, then 
with fundamental honesty as its keystone, one applies practical and 
continuous thought, planning and observation, a successful business 
will emerge. Conversely, a business that exists without a reason 
surely will fail. Honest thought, not Money is the real business 
capital.

Now consider…
In one sense those in law enforcement are (or should be) in the 
business of fulfilling a want and need, that is investigating and 
prosecuting those who commit acts of wrongdoing against innocent 
people, in violation of the law of the land. Although money 
(resulting from bribes, kickbacks, theft and other illicit acts) may 
also be one of the primary reasons a person is in the law 
enforcement business, ego fulfillment has typically been the driving 
reason. Again, as in commercial business, law enforcement agents 
must put more effort into concentrated thought with honesty as 
their keystone arch to success. How many times have we heard of 
the incident where an agent tells an incredible informant to lie in 
order to frame another individual who may have stepped on the 
agent’s ego? 

Now it is true that there are some smart and honest people in 
Security, Law Enforcement, and even in the dark origins of disorder 
and chaos. But it is time to take a lesson from Harvey Firestone, 
Henry Ford, and Thomas Edison, and put more time into 
concentrated thinking, honesty and fulfilling a need and want. 

If a hacker finds a flaw in your software or hardware, then sit on 
your ego, thank him/her, and then after quick but concentrated 
thought disclose the problem to your customers with an honest plan 
to fix it. AND DO IT!

If a Blackhat tells you as a Whitehat who just got his/her 
certification that you’re a bumbling idiot because you have not 
gotten your hands in the beast, then THINK, roll up your sleeves and 
get into it. Stop trying to replace thought and honest systematic 
debugging / hacking with meetings, and third hand advice from some 
crusty book worms. 

As for you Blackhats, stop your pompous pontificating and put 
some thought into how you can do a better job at creating 
controlled chaos.  Yes, chaos is a good thing! Anyone who is really a 
master at doing Security Engineering and analysis of vulnerabilities, 
threats and attacks, will tell you that a controlled chaotic tree 
simulation is the best way to model predictable production 
environment response. Some Blackhats are good at creating chaos, 
but they are out of control. You NEED STABLE FEEDBACK from 
the Whitehats to drive your White noise generators. Strap on the 
Phase lock loop and get some control on your chaos. 

Oh and lastly, as for those script kiddies and outright malicious bed 
wetters, either they will grow up to be Blackhats, Whitehats, maybe 
even no hat, or just die. Deal with them as we deal with any bug, 
observe them, try to train them, ignore them, and if all else fails and 
they continue to be a real pest, smash em. But remember they too 
are needed to bring balance and control to chaos. 

Hope I didn’t miss anyone…

bhH>>>out

 
> -- 
> Florian Weimer 	                  Weimer@...T.Uni-Stuttgart.DE
> University of Stuttgart          
> http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT                 
>         fax +49-711-685-5898
> _______________________________________________ Full-Disclosure -
> We believe in it. Charter:
> http://lists.netsys.com/full-disclosure-charter.html
> 



==========================================
bernie|bhH >>> cta@...in.net
==========================================
I don't ware no stiken hat...
    Bald, Hatless and Hacking since 1975
         377 and still trying to Deposit 072
***********************************************
"There is no expedient to which a man will not go to avoid the real labor of thinking."
Thought, the real business capital...Observe-Think-Plan-Think-Do-Think

