Message-ID: <4b6ee9310607221220t3cbaf9bdn332e5132e9abde82@mail.gmail.com>
Date: Sat, 22 Jul 2006 19:20:10 +0000
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: 70 million computers are using Windows 98 right now

On 7/13/06, Castigliola, Angelo <ACastigliola@...mprovident.com> wrote:
> I'd like to see someone discuss the plan of execution of exactly how a
> hacker would go about compromising 70 million Windows 98 computers.
> Create a malicious website with Quake cheat codes? My guess is that
> whatever number of computers is really running Windows 98; these
> computers are underutilized.

I'm not about to entertain ideas on how to access a bulk amount of
Winblows 98 hosts step-by-step here.

There are about 70 million blackhat script kid hackers on here who
would love that.

Instead, there's http://www.securityfocus.com/archive/105/description
for basic security tips :)

At least you can blame moderators on Securityfocus if something that
is posted to the mailing list leads to a global security incident, where
70 million Winblows 98 hosts are being used to spam, and attack large
corporate server networks and international backbone routers.

A large corporation or government suing Securityfocus moderators, now
that's something I want to see talked about :)

I reckon there's been a whole bunch of xploits and security tips which
have appeared over the years, which have led to a lot of money being
lost by e-commerce and governments.

Time for folks to hold Securityfocus moderators responsible for the
content on their mailing lists.

I for one would love to see the end to companies like Symantec making
money out of security researchers, while the researcher doesn't get a
percentage of Symantec's revenue.

There are dark clouds over Securityfocus, and two or more angles I can
see where legally they are responsible for incidents, that they later
make money by giving you products to clean up after moderators allow a
destructive security tip or exploit to go live on their lists.

I don't think Securityfocus is part of the solution in the security
industry, they are more part of the problem.

In life generally, you must choose:

Do you want to be part of the solution or be part of the problem?

Symantec choose to be part of the problem.

Then switch their agenda to protecting folks and claim they are part
of the solution by offering security products in relation to what's on
their mailing lists.

To me, in life you can't be part of the problem and be part of the
solution at the same time.

Choose what you are going to be and stick with it, they can't have it both ways.

Like I said, storm clouds are gathering over Symantec's Securityfocus
operation, and I sure will be every step of the way bringing up and
exposing legal issues with a moderated security mailing list.

Full-Disclosure mailing list is immune in my humble opinion, as it's
unmoderated, therefore no one but the security researcher is to blame
for what is posted to it.

However, Securityfocus are legally in a totally different position.

Long live Full-Disclosure,

R.I.P Moderated Securityfocus lists, you are legally answerable to
everything you allow to your lists and the destruction caused by it,
Full-Disclosure is not.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
