Date: Thu, 20 Mar 2008 08:54:56 -0400
From: Kern <timetrap@...il.com>
To: nnp <version5@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: agile hacking?

The world does NOT need another Hacking Exposed.  But it does need (and
always will need) a modern book of Computer Security Fundamentals.  There
should be little to NO focus on tools (as these change quite often), the
bulk of the focus should be on the Fundamentals and Standards;


(I am mainly familiar with networking, i.e. this is not an exhaustive
listing of Fundamentals)

Border Security -- DoD "Barrier Reef"
Defense in Depth
Protocol Attacks (How the protocols work, and how they can be manipulated)
Using a Debugger
Traffic Analysis
Probing (Nmap, nc, etc.)
ISO Guidelines and Standards (also NIST, NSA, etc)
Reading and Creating a CVE
etc.

By focusing less on the tools, and more on the thought process, you will be
doing yourself and the "community" a favor.

Security/Auditing/Hacking is a Process not a Tool.


On 3/20/08, nnp <version5@...il.com> wrote:

> What's the Negative Public Relations Industry?
>
> On Wed, Mar 19, 2008 at 10:36 PM, Fionnbharr <thouth@...il.com> wrote:
>
> > PDP,
> >
> > I don't really need backing up, I think my stuff stands but it seems
> > you haven't looked at it still. Reckon you could spell my name
> > correctly though? I get enough typos with my real name let alone
> > people messing up 'thoth' (though 6 letter minimum for gmail account
> > names meant I had to put a u in there =/).
> >
> > Seriously though the last thing we need is more 'hacking exposed'
> > style books out there. The disclaimer on your site says more about you
> > than anything else:
> >
> > "GNUCITIZEN is a Cutting-edge, Ethical Hacker Outfit, Information
> > Think Tank, which primarily deals with all aspects of the art of
> > hacking. GNUCITIZEN's work has been featured in established magazines
> > and information portals, such as Wired, Eweek, The Register, PC Week,
> > IDG, BBC and many others. The members of the GNUCITIZEN group are well
> > known and respected experts in the Information Security and Negative
> > Public Relations (PR) Industries, with widely recognized experience in
> > the government and corporate sectors and the open source community."
> >
> > Talk about public masturbation. I don't think any of the other people
> > you mention in your posts that you look up to walk around claiming
> > they're awesome nearly as much as you.
> >
> > On 19/03/2008, Petko D. Petkov <pdp.gnucitizen@...glemail.com> wrote:
> > > reepex,
> > >
> > >  you are the only one backing up troth, read on all comments... I
> > don't
> > >  bash people. I encourage them and this is present in all my work and
> > >  the work behind the GNUCITIZEN umbrella. Not I, but the crowd hanged
> > >  him, as well they will hang you for your arrogant, egocentric,
> > foolish
> > >  and rather juvenile behavior. I personally don't care about you, nor
> > I
> > >  care if you like the work on GNUCITIZEN or even my work. In my eyes
> > >  and the eyes of others you follow very basic parasitic social
> > pattern:
> > >  making a name for yourself not based on your knowledge but based on
> > >  your arrogant, bottomless comments.
> > >
> > >  You don't lead by example! You are a parasite, a vampire, sucking
> > >  blood and energy from those around you. I hardly doubt that anyone
> > can
> > >  consider you as a friend or even appreciate your skills and knowledge
> > >  when you are nothing more but a vulture.
> > >
> > >  Comparing the Agile Hacking project with books such as "How to Own a
> > >  Continent" (by FX, Paul Craig, Joe Grand, and Tim Mullen...), "How to
> > >  Own the Box" (by Ryan Russell, Ido Dubrawsky, FX, and Joe Grand...),
> > >  "How to Own a Shadow" (by Johnny Long, Tim Mullen, and Ryan
> > >  Russell...), "The Art of Intrusion" (by Kevin D. Mitnick, and William
> > >  L. Simon..) and the "Hacking Exposed" series (by some of the most
> > >  recognized information security experts such as, but not only, Johnny
> > >  Cache, Chris Davis, Stuart McClure, Joel Scambray, Andrew Vladimirov,
> > >  Brian Hatch, David Endler...), is nothing but a flattering comment. I
> > >  hope that this project achieves and even supersedes their success.
> > >  These are some of my favorite books and I have a great respect for
> > >  their authors.
> > >
> > >  You and all others who support your dying cause and who have
> > >  repeatedly attacked what we have built from scratch with far too many
> > >  sacrifices, can laugh now but the simple fact is that you will never
> > >  even come close to what we have already achieved and gave to this
> > >  community. You and all other Full-disclosure trolls proved to be
> > >  untrustworthy, unworthy even creatures. I hope that your real
> > >  identities stay well hidden behind your nicknames as I highly doubt
> > >  that you will succeed in life. If I were in your place I would have
> > >  reconsidered my values. Your and the other trolls' comments are not
> > >  satire but idiocracy as a fellow GNUCITIZEN reader has pointed out.
> > >
> > >  Kind Regards,
> > >  pdp
> > >
> > >  founder of GNUCITIZEN, information security research, penetration
> > >  tester, life hacker, co-author of two best-selling books, author of
> > >  numerous printed publications and online media outlets, active
> > speaker
> > >  and opinion former, hacker culture evangelist, founder of Hakiri,
> > >  entrepreneur, lecturer, etc...
> > >
> > >  I am far behind the people I look after for inspiration and guidance
> > >  but I am well ahead of you.
> > >
> > >  On Wed, Mar 19, 2008 at 8:35 AM, reepex <reepex@...il.com> wrote:
> > >  > so no one respects me, i bash people's projects, etc... whatever.
> > >  >
> > >  > You still do not explain why you have the attitude that any who
> > does not
> > >  > like your work or ideas is a talentless troll that you can brush
> > off.
> > >  >
> > >  >
> > >  >
> > >  > On Wed, Mar 19, 2008 at 2:40 AM, Petko D. Petkov
> > >
> > > > <pdp.gnucitizen@...glemail.com> wrote:
> > >
> > > > > Dear Reepex,
> > >  > >
> > >  > > Unfortunately, you've already lost all the respect for a larger
> > >  > > portion of people on this mailing list as well outside of it. You
> > have
> > >  > > never led by example but by bashing people on what they try to
> > >  > > accomplish. Everyone who has been in this industry/life style for
> > long
> > >  > > enough knows that they don't know everything. In fact, as the
> > saying
> > >  > > goes: "A wise man never knows all, only fools know everything".
> > >  > >
> > >  > > My advice to you is to stop pretending being someone and be who
> > you
> > >  > > are. If you think that this project is crap then help to make it
> > >  > > better. Everyone that has ever written a book, knows how hard it
> > is to
> > >  > > put everything together and how frustrating it is to want to put
> > the
> > >  > > things that you want not having the chance to do so. It is easier
> > to
> > >  > > say what is crap but 100x harder to do it right. Also, it is
> > very
> > >  > > easy to take apart people from what they have accomplished, I've
> > done
> > >  > > it myself:
> > >  > >
> > >  > >
> > >  >
> > http://www.gnucitizen.org/blog/hamster-plus-hotspot-equals-web-20-meltdown-not/
> > >  > >
> > >  > > but 100 of times harder to put yourself in their shoes:
> > >  > >
> > >  > >
> > http://www.gnucitizen.org/blog/reconsidering-the-side-jacking-attack/
> > >  > >
> > >  > > Again, lead by example not by baseless comments.
> > >  > >
> > >  > > Regards,
> > >  > > pdp
> > >  > >
> > >  > >
> > >  > >
> > >  > >
> > >  > > On Wed, Mar 19, 2008 at 3:59 AM, Nate McFeters <
> > nate.mcfeters@...il.com>
> > >  > wrote:
> > >  > > > Ok, I'll buy that, that's reasonable.  I wasn't in the exchange
> > with
> > >  > thoth.
> > >  > > > I guess when I read about a community project to write the
> > ultimate
> > >  > hacking
> > >  > > > book, I assumed people from all backgrounds of security would
> > be
> > >  > interested
> > >  > > > in contributing... maybe that's a bit of a Utopian view, but I
> > could
> > >  > imagine
> > >  > > > a one stop Frankenstein of a book (probably one so large you
> > couldn't
> > >  > even
> > >  > > > carry a hard-copy) that has some really great great stuff if
> > the right
> > >  > > > people contribute.
> > >  > > >
> > >  > > > Right now, I've got disjointed information everywhere that I
> > reference
> > >  > for
> > >  > > > various things all over my damn computer and bookshelves...
> > Uninformed
> > >  > > > papers, presentations from various sources, manuals, books,
> > blah blah
> > >  > blah.
> > >  > > > If it was done right, I think the book could be pretty damn
> > cool.  Of
> > >  > > > course, that depends on the community support and the content
> > that comes
> > >  > out
> > >  > > > of that.  I'm not sure what PDP has envisioned for the book,
> > I've been
> > >  > just
> > >  > > > too busy today to give the article a good read, but I've always
> > been
> > >  > very
> > >  > > > interested in these community projects.
> > >  > > >
> > >  > > > I think that's why I love ToorCon and really was bummed that I
> > didn't
> > >  > get to
> > >  > > > make it out to 24c3 this year... lots of collaboration going on
> > there.
> > >  > > >
> > >  > > > Nate
> > >  > > >
> > >  > > >
> > >  > > > On 3/18/08, reepex <reepex@...il.com> wrote:
> > >  > > >
> > >  > > > > On Tue, Mar 18, 2008 at 10:36 PM, Nate McFeters
> > >  > <nate.mcfeters@...il.com>
> > >  > > > wrote:
> > >  > > > >
> > >  > > > >
> > >  > > > > >
> > >  > > > > > I don't consider myself a 'kiddie' and I've considered
> > contributing
> > >  > to
> > >  > > > it.  I feel like the old adage of blowing out someone else's
> > flame to
> > >  > make
> > >  > > > yours burn brighter applies here.  Reepex, I didn't get a
> > chance to see
> > >  > your
> > >  > > > presentation at kiwicon, bit too expensive for an American on a
> > tight
> > >  > budget
> > >  > > > to get out there, but if you have a link, I'd love to have a
> > look.
> > >  > We've
> > >  > > > talked before, so I assume the presentation is good since I
> > know you
> > >  > know
> > >  > > > your stuff; however, I've also seen some cool stuff come out of
> > PDP and
> > >  > > > Gnucitizen... why the need to bash?
> > >  > > > >
> > >  > > > >
> > >  > > > > I did not give the talk, thoth did. The reason I brought it
> > up is
> > >  > because
> > >  > > > of
> > >  > > > > http://www.gnucitizen.org/blog/agile-hacking/#comment-116766
> > >  > > > > where pdp blindly assumes thoth does not have a clue, while
> > not
> > >  > knowing
> > >  > > > his background which must be some strange complex where people
> > think
> > >  > anyone
> > >  > > > who disagrees with them is inferior.
> > >  > > > >
> > >  > > > > >
> > >  > > > > >
> > >  > > > > >  Web app hacking may not be the coolest topic in the world
> > to
> > >  > yourself
> > >  > > > and many others, but it is something that a lot of companies
> > are
> > >  > concerned
> > >  > > > with these days,
> > >  > > > >
> > >  > > > >
> > >  > > > > Yes and we agreed web hacking has its place... the point I
> > made was
> > >  > that
> > >  > > > you cannot write 'the best hacking manual ever made' as pdp is
> > touting
> > >  > it
> > >  > > > while only covering web hacking and running combinations of
> > different
> > >  > tools
> > >  > > > such as kismet/tcpdump that pdp mentioned as an example.
> > >  > > > >
> > >  > > > >
> > >  > > >
> > >  > > >
> > >  > >
> > >  > > > _______________________________________________
> > >  > > >  Full-Disclosure - We believe in it.
> > >  > > >  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > >  > > >  Hosted and sponsored by Secunia - http://secunia.com/
> > >  > > >
> > >  > >
> > >  > >
> > >  > >
> > >  > >
> > >  > >
> > >  > >
> > >  > > --
> > >  > >
> > >  > > Petko D. (pdp) Petkov | GNUCITIZEN | Hakiri | Spin Hunters
> > >  > >
> > >  > > gnucitizen.org | hakiri.org | spinhunters.org
> > >  > >
> > >  >
> > >  >
> > >
> > >
> > >
> > >  --
> > >
> > >  Petko D. (pdp) Petkov | GNUCITIZEN | Hakiri | Spin Hunters
> > >
> > >  gnucitizen.org | hakiri.org | spinhunters.org
> > >
> > >
> >
> >
> >
>
>
>
> --
> http://www.smashthestack.org
> http://www.unprotectedhex.com
>
