lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20080314021040.4A91915804A@mailserver6.hushmail.com>
Date: Thu, 13 Mar 2008 19:10:40 -0700
From: "Been There" <beenthere@...h.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: Re: Offensive Security Backtrack Training

-----Original Message-----

On Thu, Mar 13, 2008 at 2:59 PM, Kern <timetrap@...il.com> wrote:
I think "security underground" implies unemployed.

  does that imply i'm wrong or less advantaged to make an opinion 
about
  offensive-security?

-------------

  I don't think the correct definition here is "employed" or 
"unemployed"  I'm thinking the w0rd of the day is "Employ-able..."

"Worried", while it's wonderful to think there are people like 
yourself that are out there willing to help those in need for 
phree, but can you really blame someone for wanting to profit on 
their knowledge, especially if it's done with considerations as far 
as an ability to pay?

My God, I've been there.  Pun intended, the moniker being 
bittersweet as it is...and I have carried a torch, did the 
Information Yearns trek, all of it...and found myself...very, very 
poor.  While I could astound my colleagues with exploits out the 
ass, I created a much larger and negative impact by going off-line. 
 I couldn't pay my ISP and the neighbor started to finally use WPA 
with a new-found knowledge of esoteric Czechoslovakian phrases.  I 
was SOL.

Most people have to make a living.  Sometimes people get lucky and 
thoroughly get to enjoy what they do and get paid for it...in our 
case, if I look at the demographics and skillset, that's entirely 
possible..think about it...getting paid to find out heinously cool 
shit, literally.  

If someone isn't employed, well, there's geography and certain past 
gov't sanctions that might inhibit working in a place that employs 
more than, well, two people.  At least in North America, anyway.

I guess what I'm trying to say here is that it's not a sellout when 
someone has responsibility for more than themselves, and unlike 
most fields, if someone in our industry is charging an assload for 
shitty security know-how, I can't think of a quicker or more 
capricious audience than all of us here on Full-Disclosure.  

There is profit in performance.  And if that feeds my family, gosh, 
I'm OK with that...and anyone else doing the same.  The weird thing 
about it all is that someone might learn something if they aren't 
careful.

Ben There









--
Buying or selling a home?  Click here for free info on real estate services.
http://tagline.hushmail.com/fc/Ioyw6h4doPHfED9HiNhHdBoC5Sjq7zQT0CTgO6jJ26ICUD9hVSPZ8k/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ