lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: silvio at big.net.au (Silvio Cesare)
Subject: Security Industry Under Scrutiny #4

some points here..

copy cat crimes are well documented in legal history with much precedence.

lets look at the book, "a clockwork orange".  considered [at least in
some circles], a literary masterpiece.

now after the movie was released [and i dont know the history too well here],
it turned out that people started doing copycat style killings.  if you've
read the book, then the killings described were pretty horrific.

the movie by consideration to the book is rather tame - eg, it doesnt depict
pedophelia in the scene with those 2 girls at the record store.. in the book
they are like 12 or 14 in age iirc, and in the movie they are well and truely
adults.

in the movie also, the depicition of the police is toned down.. the book
tried to portray that the police were just as violent and irresponsible as
the 'criminals in question.  in the movie, theres only occasional police
violence whereas the book shows almost all actions by the police in the same
style as the 'perpz.

now.. the movie was banned in various places [include some states of
australia], after these copycat murders took place.. 30 or so years on, the
movie is widely available again, and considered still controversial but
argueably a masterpiece. [imo, the movie was mediocre in comparison to the
book itself.  a good movie, but the book was far superior].

I believe the author of a clockwork orange regretted writing the book from
his statements later in life, in consideration of the copycat crimes that took
place afterwards..

many people however disagree with the authors regret in writing, as the book
covers important topics relevant to humanity, deviance, conformity and control.
these issues are written through the use of perhaps insane depicitions.. yet
they at the same time, make us examine what we think about criminal behaviour
and the rights of the state to enforce non-deviance and control.

so.. while naturally, no-one can condone the crimes that occured as a 'result'
of this book - the book itself, is certainly something that has benefitted
and contributed to society.

[ getting off topic --> ]

1 more point.. in australia, and perhaps many other countries, public
libraries often have the book 'mein kampf (sp?).  this is a pretty nutty book
if you've ever looked at it.  it doesn't say much for the time it was
released initially, pre the implementation of the 'final solution.  if more
people read this book, perhaps they would have realized the insanity that
become implemented because of it.  if hitler did not write this book, would
we believe that such a 'final solution would be implemented?

unfortunately, i would argue somewhat that such actions of george w. bush
in his state of the union address, the legislation of the patriot act
etc, also describes pure insanity.. lets hope in 50 years we wont be able
to loan george w bushs views from the local library and go 'fuckk.. what
a nut'

--
Silvio

On Tue, Jan 21, 2003 at 06:56:11AM -0500, sockz loves you wrote:
>                        Security Industry Under Scrutiny #4
>                                
>                               SECURITY AND MURDER
>                                
> 
> In 1993 James Perry was contracted by a man named Lawrence Horn to murder
> Horn's wife, his quadriplegic son, and the son's nurse, in the hope that the
> family's life insurance would pay out over $2 million.
> 
> James Perry wasn't a professional killer.  He had never committed a triple
> murder before.  In fact, had it not been for a book written by Rex Feral, and
> published by Paladin Enterprises in 1983, titled "Hit Man", Perry would not
> have had sufficient knowledge or confidence to carry out the short homicidal
> spree.
> 
> Over 13,000 copies of "Hit Man" were sold to the public before the murder, the
> cover of which has a subtitle reading "A Technical Manual for Independent
> Contractors".  In the preface to the book, Rex Feral breeds support for
> malicious intent of his text by writing:
> 
> "It is my opinion that the professional hit man fills a need in society and is,
> at times, the only alternative for "personal" justice..."
> 
> "Some people would argue that in taking the life of another after premeditation,
> you act as God -- judging and issuing a death sentence.  But it is the employer,
> the man who pays for the service, whatever his reason might be, who acts as 
> judge.  The hit man is merely the executioner, an enforcer who carries out the
> sentence."
> 
> The problem though, is that the law does not discriminate on the same moral
> basis.  When Perry was caught, he, Horn, and Paladin Press (a subsidiary of
> Paladin Enterprises) were all brought before court on serious charges.
> 
> Paladin Enterprises argued that America's First Amendment (the right to free
> speech) protected the business from legal action, because the corporation had no
> idea that James Perry and Lawrence Horn would use the book to plot and execute
> a triple murder.  But after years of trial, Paladin lost the case and was
> ordered to pay the families of the victims millions of dollars in compensation.
> Horn is serving a life sentence, and Perry at last count, was on Death Row.
> Paladin Press was ordered to destroy the remaining 700 copies of "Hit Man" it
> had waiting to be sold.  It lost intellectual property rights, making the text
> open for free public circulation.
> 
> "Freedom of speech" clearly didn't cover "freedom to aid criminals".
> 
> Why am I writing about this triple murder in this release of SIUS?  I think the
> parallels speak for themselves.
> 
> "Searched the web for how to hack.  Results 1 - 10 of about 11,100,000."
> "Searched the web for how to commit murder.  Results 1 - 10 of about 667,000."
> 
> This afternoon I read through Simple Nomad's "The Hack FAQ" with its frequent
> winking smilies and all.  It has no doubt been written not for system admins,
> but rather with malicious readers in mind.  Teenagers who've decided they want
> to become hackers, but do not know how to become l33t.  Funnily enough, there
> weren't many fundamental differences between "The Hack FAQ" and "Hit Man".
> 
> He writes:
> "Learn as much as possible about your target before the attack. The techniques
> involved can be passive to bordering on mini-attacks themselves. And plan out 
> your goals. Using your knowledge gained develop a plan, no matter how small or
> quick the hack is."
> 
> At the top of chapter 5, Feral writes:
> "Only a fool will rush right into a job without doing his homework. You have to
> know your target, whether it's a job for hire or a personal endeavour.  Every
> scrap of up-to-date information you can gather inconspicuously should be 
> assembled and studied to guarantee the success of you operation. Information
> requirements will vary, depending on the type and difficulty of the job. Even 
> the most minute, seemingly unimportant detail can be just the very item you
> need."
> 
> In Section 12.6, Nomad writes:
> "Use the Offline NT Password Editor by Petter Nordahl-Hagen. You need to 
> download Petter's code to your Linux machine (you DO have one of those, don't
> you?) and compile it using a libDES and MD4 library. Now mount the NT drive 
> read/write and follow the instructions in the readme. The instructions are 
> pretty easy to follow, especially if you know enough to get to the point to
> use them ;-)"
> 
> Then there's Feral in Chapter 2:
> "Get two extra fifteen or thirty shot clips from your local gun dealer or order
> through one of the gun magazines. But never load these clips to full capacity,
> as they tend to jam when fully loaded. When loading the clip before job 
> assignment, be sure to wipe each bullet to remove fingerprints, or spray with
> WD-40 or some other oil."
> 
> Rex Feral, a Writer and Professional Killer:
> "On the following pages, you will learn how to make, without the need of special
> engineering ability or expensive machine shop tools, a silencer of the highest
> quality and effectiveness."
> 
> Craig Ozancin, a Senior Security Analyst at Symantec:
> "This presentation introduces you to some of the types of attacks used to
> compromise Linux systems..."
> 
> These kinds of quotes are over-common in the security industry.
> 
> I am currently reading through "Hit Man".  As Feral suggests at the end of his
> prologue, I have avoided skipping idly through the pages, and am starting at 
> the very beginning.  Apparently this will see me turn from an amateur killer
> into a professional.  Just like reading Nomad's FAQ should give me some idea of
> how to commit cybercrime.
> 
> I assume my intent for reading this book is somewhat different to that of
> Perry's.  Or at least my intent for the knowledge in the meantime is innocent.
> But after reading the book I do expect to be more informed about how to commit
> murder.  Just as when people read advisories on bugtraq or full-disclosure, they
> expect to be more informed about hacking/posing security risk.
> 
> But what differentiates me from Perry?  Perry held no personal vendetta against
> those three victims.  He killed for money.  Using the information contained in
> the archives of full-disclosure and bugtraq, and those sources alone, I could
> learn how to commit criminal acts with my computer.  I could treat these
> criminal activities with as much detachment as Perry.  The only thing that holds
> me back from doing this is self-control.
> 
> Can you not see the fragile and crumbling edge I sit on, leaning over to peer
> into a vast valley of crime and profit?  And every single time I see an advisory
> this pushes me that little bit further towards a desire to just jump off.  And I
> am not alone on this cliff.
> 
> How long are we going to hold back from making these security companies
> responsible for providing the same potency of information as Paladin Press did?
> Any major internet security site will give you links to places where you can
> download hacking utilities.  Utilities that will be used by people with the same
> degree of malicious intent as Perry and Horn.
> 
> The media encourages hacking.  Hollywood says its trendy.  Anyone with a 
> computer has thought about it at least once, and many have sought to take the
> next step, despite how little they know.  And what does the security industry
> do?  It helps them down that cliff.  People on the internet aren't just told how
> to commit cybercrime, they are encouraged to be malicious enough to do so.
> 
> Please, somebody make these security fucktards responsible for the information
> they pump out!  It's one of the best ways to stop cybercrime.  If we stop
> rewarding wannabe hackers with fame & power security WILL improve.  To do
> otherwise is to give people like Perry and Horn cash rewards for killing more
> wives and quadriplegic sons and innocent nurses.
> 
> 
> I leave you with a quote I really liked, from Rex Feral, in Chapter 8:
> 
> "Don't brag. Don't boast. Don't hint at what you know or what you have done. 
> Don't confide in your girlfriend, your wife, or your best buddy. Only insecure
> bores must build themselves up by other people's opinions."
> 
> 
> peace & <3 sockz
> -- 
> _______________________________________________
> Sign-up for your own FREE Personalized E-mail at Mail.com
> http://www.mail.com/?sr=signup
> 
> Meet Singles
> http://corp.mail.com/lavalife
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ