Message-ID: <4b6ee9310607221220t3cbaf9bdn332e5132e9abde82@mail.gmail.com>
Date: Sat, 22 Jul 2006 19:20:10 +0000
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: 70 million computers are using Windows 98 right now
On 7/13/06, Castigliola, Angelo <ACastigliola@...mprovident.com> wrote:
> I'd like to see someone discuss the plan of execution of exactly how a
> hacker would go about compromising 70 million Windows 98 computers.
> Create a malicious website with Quake cheat codes? My guess is that
> whatever number of computers is really running Windows 98; these
> computers are underutilized.
I'm not about to entertain ideas on how to access a bulk amount of
Winblows 98 hosts step-by-step here.
There are about 70 million blackhat script kid hackers on here who
would love that.
Instead, there's http://www.securityfocus.com/archive/105/description
for basic security tips :)
At least you can blame moderators on Securityfocus if something that
is posted to the mailing list leads to a global security incident, where
70 million Winblows 98 hosts are being used to spam, and attack large
corporate server networks and international backbone routers.
A large corporation or government suing Securityfocus moderators, now
that's something I want to see talked about :)
I reckon there's been a whole bunch of xploits and security tips which
have appeared over the years, which have led to a lot of money being
lost by e-commerce and governments.
Time for folks to hold Securityfocus moderators responsible for the
content on their mailing lists.
I for one would love to see the end to companies like Symantec making
money out of security researchers, while the researcher doesn't get a
percentage of Symantec's revenue.
There are dark clouds over Securityfocus, and two or more angles I can
see where legally they are responsible for incidents, that they later
make money by giving you products to clean up after moderators allow a
destructive security tip or exploit to go live on their lists.
I don't think Securityfocus is part of the solution in the security
industry, they are more part of the problem.
In life generally, you must choose:
Do you want to be part of the solution or be part of the problem?
Symantec choose to be part of the problem.
Then switch their agenda to protecting folks and claim they are part
of the solution by offering security products in relation to what's on
their mailing lists.
To me, in life you can't be part of the problem and be part of the
solution at the same time.
Choose what you are going to be and stick with it, they can't have it both ways.
Like I said, storm clouds are gathering over Symantec's Securityfocus
operation, and I sure will be every step of the way bringing up and
exposing legal issues with a moderated security mailing list.
Full-Disclosure mailing list is immune in my humble opinion, as it's
unmoderated, therefore no one but the security researcher is to blame
for what is posted to it.
However, Securityfocus are legally in a totally different position.
Long live Full-Disclosure,
R.I.P Moderated Securityfocus lists, you are legally answerable to
everything you allow to your lists and the destruction caused by it,
Full-Disclosure is not.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/