lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Marcus1091742374$1$22@duck.wafel.com>
From: Ferguson (Ferguson)
Subject: Re: MS04-025 - Ignorance is truly bliss....

On Thursday, 5 August 2004, hellNbak wrote:

> The paper slowly went sideways and turned into a large rant low on
> technical information but relevant about MS04-025, CERT, and other
> random things [...]

Despite of what you would like to think, your rants are not relevant in any 
way. I do not say this because I want to insult you - heck, I happen to 
respect you - but simply because that's the way it is.

The Internet is no longer a world of hippie hacker idealists, but quite simply 
a global market. Because of lack of centralized authority overseeing it 
(wasn't that what you fought for?), it is a wild style economy, often driven 
by shoddy practices and cutting corners where customers won't notice, or
marketing on the verge of deceit. This is how we do big business - honesty,
altruism, and respect for ideals were never its strong sides, unless you
could get a tax break doing those.

But then, were the Internet and IT security still merely a hobby of a bunch
of enthusiasts, you wouldn't be getting your paycheck, would you? You
benefit from these changes, with all their side effects. You tell your
customers to buy products, not to distrust the system, to uncloak treasons,
or banish false prophets. You tell them what they want to hear, then cash 
the check so that you can afford to write rants about how the world should 
be. The problem with socialist utopias where all do their jobs best, and get
exactly what they deserve, is that they all seem to fail quite miserably
(how odd). Unjust exploitation, trickery to claim undeserved credibility or
recognition, commercialization of everything you can capitalize on - that's 
what makes a country (or an industry) great.

What do you hope to achieve, or how do you believe your opinion is being
relevant or novel, if you come to this audience, and state that CERT is no 
longer credible, and is a bunch of crooks who live off selling advance 
vulnerability warnings? Or that Microsoft is not exactly particularly devoted 
to improving security of their products and protecting their customers?



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ