Date: Fri Nov 25 17:01:20 2005
From: james.mailing at gmail.com (James Eaton-Lee)
Subject: Return of the Phrack High Council

On Fri, 2005-11-25 at 16:24 +0000, n3td3v wrote:
<snip>
> 
> > Last first, making threats doesn't help either - again, you say two
> > things in one breath - you proclaim yourself as a fantastic, righteous
> > member of the community and also make veiled threats about other people's
> > computer systems.
> 
> There was no threat. I asked if their web site was very secure. No
> remark on anyone compromising any computer systems related to the
> person.

I never said that there was a 'threat', I said that it came across as a
'veiled threat'. Making ambiguous remarks about the security of
someone's webserver after having what amounts to an argument with them
and ending it with an imperative that they ensure it ('Best go check')
certainly comes across as a veiled threat to me.

The best mental check in situations like this is to ask whether or not
if the conversation in question came up in court, a jury would conclude
that the remark was indicative of a threat (or motive) or not, and I
think here the clear answer is yes. 

You're free to disagree - as I pointed out, the intention of my message
was either to ensure that "the list [would] have some of their concerns
allayed" (through the answers to the questions I posed you) or to help
you in "[realising] where you're going wrong".

> > I think the majority of people on this list who have an unfavourable
> > reaction to you have it for the following reasons:
> 
> I don't care why they unfavour... in fact I forget about haters within seconds

The overwhelming impression I get with regard to this (from the number
of replies you make to people who are 'haters', and the veracity with
which you try to hammer home your point and insult them) is that this is
absolutely not the case.

> >
> > * You've never provided any concrete indication that you have any
> > technical knowhow (I've never read a post of yours on a technical topic)
> 
> I wasn't aware I had to prove myself

As I'm sure you would have been quick to point out were I to tell you
you did, you don't "have" to do "anything". Again, my point in e-mailing
you (and the list) was to try to bring some element of resolution to all
of this. 

One recurring theme of virtually every e-mail that's been sent about you
on this list is the complete lack of respect that (as far as I can see)
everyone who's expressed an opinion has for you - given that I'm sure in
some respect you'd rather have respect at least from those you had
respect for onlist, I can't see how this is a bad thing for you.

I'm sure you can counter with some remark about the respect you have
from people who don't post to the list - but such a remark doesn't do
anything other than save (well, actually, maintain) face for you, and as
the point here is about *ameliorating* the opinion people have of you,
maintaining the existing situation isn't much help if it's all you do.

For my own selfish aims, I like life much better when everyone gets
along (it makes me happy), so I'd rather we were all friends. Or at the
least, kept our bitching to ourselves / conducted it in private
channels.

> >
> > * You (unlike most people who work in "corporate" security) are falling
> > for the trap of hiding behind an alias rather than using your real name.
> 
> There's common sense reasons for using an alias, it doesn't mean you're malicious.

I never said it did - my basic point was that there tends to be a
pattern amongst people who work in Information Security and have more
contact with corporations of not hiding behind silly aliases, because (in
general) the impression that anyone working 'professionally' has is that
it's unprofessional.

Again, this is all about impression and I'm trying here to help you
improve the impression others have of you, and I think this is a key
point.

Speaking personally, I have an alias (which you appear to have found
already - unsurprising since it's in my signature and appears if you
google for my name) which I've used for quite some time (and still use,
as a nickname), but I make no attempt to hide my real name and haven't
for quite some time.

One important point about this is that aliases are to some extent
disposable, and those who use them don't have a lot to risk in that they
can wipe the alias afresh and start anew. Aside from those amongst us
who just don't care what others think, a name is permanent, and any
remarks you make (and impressions you form) under your real name have a
long shelf life, especially on a mailing list like this. 

I know for a fact that this post (along with every other I've made to
this and similar lists) will be kicked up when any employer I go to work
for does an obligatory google of my name. This permanence factor (in my
opinion) tends to make people listen to you more, since there's an
unspoken assumption that anyone posting something under their real name
is doing so understanding what I've just explained, rather than knowing
that their comments don't really matter, aren't representative of them,
etc.

There is also the general correlation between idiocy in certain
communities and not-real-names. ;)

<snip>
> 
> Using corporate services allows you to detect bugs when they occur.
> How else can you detect bugs if you don't regularly use any of a
> vendor's products?

This would be a good point if we were talking about the diversity of
firewalls which you used, or what operating system your computers ran.
Using geocities to host your website really doesn't "allow you to detect
bugs when they occur", and even if your goal in life is to be the guy
who spots errors with geocities' massively tested (since they have so
many clients) free webhosting accounts, doesn't really help you with
anything.

Far more usefully, if you wanted to really probe any vendor's webhosting
offerings (or anything else, for that matter), you'd be signing up for
accounts, prying, seeing how they worked, and learning about the
standards those services worked upon by running (breaking/modifying/etc)
them yourself, on test systems or in production.

Again, this is why I suggested that you demonstrate your technical
knowhow, because if you actually had some technical ability which had
been demonstrated in public you'd have a far more constructive time
talking to a list like this.

Running your personal homepage on geocities just doesn't help here, and
again, it comes down to that 'impression' thing. How many people do you
see on full disclosure who link to a geocities homepage in their
signature?

<snip>
> 
> >
> > Chances are that if you are 'just some kid' someday, you may want to
> > work in IT. It'd probably be in your interest in this case to distance
> > yourself from 'n3td3v', find an alias (completely disassociated) to use
> > (or, if you're brave enough, start using your real name), and heed some
> > of the advice you've been (with varying degrees of kindness) given.
> 
> We're all kids at heart. This alias is only used to post on public
> sites. I have a multitude of usernames for intelligence building.
> You'll never see n3td3v anywhere else. I'm actually heavily involved
> in your BSRF, but you wouldn't know that, since you're too busy making
> judgements on people you are misinformed about. Go ask some of your
> IRC channel operators, many of them are great friends of mine. I'm
> everywhere and you didn't even know it. You're commenting on someone
> you're most likely friends with and you might be making yourself look
> stupid. I could make you look more stupid in public by reveiling my
> nickname on your IRC channel and your direct involvement with me by
> yourself and your channel operators and users of BSRF.

If you are an active user of BSRF, and if you are a "great friend" of
mine, and you do "reveil [your] nickname on [my] IRC channel", then I'll
instantly lose any and all respect I may already have for you in your
other guise.

I also have to speculate that this just isn't true and you're trying to
fabricate points, but since you won't substantiate your claims, this is
just idle speculation, really.

> >
> > Even if you don't have the inclination (or ability) to reply sensibly,
> > you might want to at least try and take some of this in! You're welcome
> > to message me offlist if you're so inclined and have questions.
> 
> An on list comment must be met by an on list reply.

Of course. Again, in the interest of helping you change the impression
others have of you, I was offering you the ability to message me in
private and save face. My mistake, never mind! I retract the offer.

 - James.

> >
> >  - James.
> 
> You're James, that makes you immune from being a n3td3v and wipes any
> criminality from the minds of many, or that's what you real name people
> wish people to believe.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-- 
James (njan) Eaton-Lee | 10807960
Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix)

sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3