Date: Wed, 18 Apr 2007 16:21:32 +0200
From: "Thomas Pollet" <thomas.pollet@...il.com>
To: "Dr. Neal Krawetz, PhD" <neal.krawetz@....hush.com>
Cc: full-disclosure@...ts.grok.org.uk, ge@...uxbox.org
Subject: Re: UK ISP threatens security researcher

Dear Mr. Dr. Neal Krawetz, PhD,

On 18/04/07, Dr. Neal Krawetz, PhD <neal.krawetz@....hush.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Let's keep in mind that publishing most security information
> borders extortion.  There isn't any other industry where fat nerds
> try to strongarm large corporations into admitting there are
> weaknesses in their products, defaming them publicly, causing their
> stock prices to fall, or otherwise damaging their public image and
> thus causing financial damage, et cetera.


Pretty cool, huh?

> Gadi, I doubt your people would be thrilled if you tried to
> petition Yahweh with complaints regarding His children being
> vulnerable to pieces of metal fired at high velocity from guns, and
> demanding that if things aren't fixed within what you consider a
> satisfactory timeframe (which, in the end is just some arbitrary
> number invented by people with no concept of industry and
> economics) that you will arm every man, woman, child, and lizard of
> bordering Arabic nations to Israel in order to teach that big guy
> up in the sky a lesson about not making humans impervious to
> gunfire!


Your analogies are flawed. I'm not going to elaborate on this.

> Come on man!  You're smarter than this!  When socially inept people
> who possess only rudimentary computer skills start bullying (call
> it what you will, in the end if you argue against my points you
> clearly are one of those people who can't make it in the real
> world) corporations for fame and money, which have real-world
> financial consequences to said corporate entities, you are in the
> least committing extortion.  And while you might think these
> efforts are noble, the reality of the situation is simple - this is
> absolutely no different than a bunch of Russians with botnets,
> forcing businesses to comply with their demands if that business
> wishes to continue existing on the Internet.


So what about you? You enrolled in some university, then X years of
conformism later you "made" it in "the real world"? I bet your mom is proud
of you.

> When was the last time an auto manufacturer was humiliated publicly
> because their car windows can easily be broken and contents of the
> car stolen?  When have chain manufacturers been chastised by the
> mass media for the existence of bolt cutters?  What about the
> serious threat of hacksaws?
>
> People, grow up.  If your life is spent behind a computer
> discovering uninteresting oversights in software design, where you
> clearly lack experience and ability, and proclaiming yourself the
> #chatzone badass and drooling saying "I'm the best evah!!!" doesn't
> make you important.  The sad state of this industry is that there
> are enough ignorant people that find it impressive, and who don't
> understand the ramifications of their publicity whoring and the
> obvious parallels to other industries.

> The long and short of it is:
>   If you want to act like a criminal, be prepared to be treated
> like a criminal, and don't cry about the choices you've made in
> life.  You aren't a fucking martyr when your motivations and cause
> are only self-promoting and otherwise selfish.


The motivations of major corporations are any better? What are their
motivations again, ah right, ROI, TBD, BAU. QoS and customer satisfaction
aren't that high on the priority list if they're not related to the bucks.

> Always remember the embarrassment to hackers, humans, and Hebrews
> everywhere that is Kevin Mitnick.


What ethnic groups are ashamed by you? Prolly not the MBA'ers or the
marketing department, they love people like you!

> - - Dr. Neal Krawetz, PhD
> http://www.hackerfactor.com/blog/
>
> On Tue, 17 Apr 2007 19:30:54 -0400 Gadi Evron <ge@...uxbox.org>
> wrote:
> >http://www.theregister.com/2007/04/17/hackers_service_terminated/
> >
> >"A 21-year-old college student in London had his internet service
> >terminated and was threatened with legal action after publishing
> >details
> >of a critical vulnerability that can compromise the security of
> >the ISP's
> >subscribers."
> >
> >I happen to know the guy, and I am saddened by this.
> >
> >       Gadi.
> >
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/

Regards,
Thomas Pollet
