Date: Wed, 18 Apr 2007 08:15:23 -0600
From: Tremaine Lea <tremaine@...il.com>
To: "Dr. Neal Krawetz, PhD" <neal.krawetz@....hush.com>
Cc: full-disclosure@...ts.grok.org.uk, ge@...uxbox.org
Subject: Re: UK ISP threatens security researcher


On 18-Apr-07, at 6:01 AM, Dr. Neal Krawetz, PhD wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Let's keep in mind that publishing most security information
> borders extortion.  There isn't any other industry where fat nerds
> try to strongarm large corporations into admitting there are
> weaknesses in their products, defaming them publicly, causing their
> stock prices to fall, or otherwise damaging their public image and
> thus causing financial damage, et cetera.
>

Let's also keep in mind that most vendors won't patch a hole in a  
timely fashion, and will happily leave their customers hanging in the  
wind to protect their stock price and image.



> Gadi, I doubt your people would be thrilled if you tried to
> petition Yahweh with complaints regarding His children being
> vulnerable to pieces of metal fired at high velocity from guns, and
> demanding that if things aren't fixed within what you consider a
> satisfactory timeframe (which, in the end is just some arbitrary
> number invented by people with no concept of industry and
> economics) that you will arm every man, woman, child, and lizard of
> bordering Arabic nations to Israel in order to teach that big guy
> up in the sky a lesson about not making humans impervious to
> gunfire!
>

Did you really just metaphorically compare software companies to  
Yahweh??  And for completeness' sake, do you really mean to assert  
that people don't cry out to $deity about various injustices?



> Come on man!  You're smarter than this!  When socially inept people
> who possess only rudimentary computer skills


Speak for yourself doctor.


> start bullying (call
> it what you will, in the end if you argue against my points you
> clearly are one of those people who can't make it in the real
> world)

Oooo.  Nice.  "if you disagree with me, you suck and stuff!"




> corporations for fame and money, which have real-world
> financial consequences to said corporate entities, you are in the
> least committing extortion.


Cuz Yahweh forbid there be consequences.


>   And while you might think these
> efforts are noble, the reality of the situation is simple - this is
> absolutely no different than a bunch of Russians with botnets,
> forcing businesses to comply with their demands if that business
> wishes to continue existing on the Internet.


You must live an interesting life when you lack the ability to  
differentiate between truth and lawlessness.

>
> When was the last time an auto manufacturer was humiliated publicly
> because their car windows can easily be broken and contents of the
> car stolen?  When have chain manufacturers been chastised by the
> mass media for the existence of bolt cutters?  What about the
> serious threat of hacksaws?


When the hacksaw threat costs users, business and government as much  
as insecurities in poorly audited code you'll see these stories.   
Somehow I don't see that happening though.  There are clear laws in  
place when a company places a poor/flawed product on the market.   
Software seems to get a pass on this.



>
> People, grow up.  If your life is spent behind a computer
> discovering uninteresting oversights in software design, where you
> clearly lack experience and ability, and proclaiming yourself the
> #chatzone badass and drooling saying "I'm the best evah!!!" doesn't
> make you important.  The sad state of this industry is that there
> are enough ignorant people that find it impressive, and who don't
> understand the ramifications of their publicity whoring and the
> obvious parallels to other industries.

That's right ladies and germs.  Stop searching for holes and  
insecurities in your applications and OS.  Stick your head in the  
sand and let people with ill intent find it and exploit before you  
can be aware of the problem and protect yourself.  Definitely *do  
not* share the information if you stumble on it.  $deity knows you'd  
be a poor example if you acted to protect and inform others.


>
> The long and short of it is:
>   If you want to act like a criminal, be prepared to be treated
> like a criminal, and don't cry about the choices you've made in
> life.  You aren't a fucking martyr when your motivations and cause
> are only self-promoting and otherwise selfish.

Yes, because you're all psychic and stuff, and can immediately  
ascertain someone's motives.  It's a miracle you aren't employed full  
time by the legal system with this super amazing power.





---

Tremaine Lea
Network Security Consultant

Be in pursuit of equality, but not at the expense of excellence.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
