lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <005501c89a67$5ab66130$686b880a@softpro.corp>
Date: Wed, 9 Apr 2008 13:30:06 -0400
From: "Garrett M. Groff" <groffg@...design.com>
To: "n3td3v" <xploitable@...il.com>, <full-disclosure@...ts.grok.org.uk>,
	"n3td3v" <n3td3v@...glegroups.com>
Subject: Re: n3td3v has a fan

Good point regarding English grammar. I would definitely dissent with 
someone who proved to be inordinately picky regarding sentence construction 
or style.

Still, good grammar and judicious use of writing style has its uses. Here 
are two: professionalism and persuasiveness (yes, they're not mutually 
exclusive). Bad writing leads to--fairly or otherwise--a lacking in 
credibility. It looks unprofessional and leaves you with a smaller audience 
of people who will take your points seriously (again, right or wrong). 
You're left only with people who know you or are willing to overlook the 
frequent grammatical and stylistic faux pas. By reducing your audience, you 
reduce the effectiveness of your writing, needlessly.

Persuasiveness (related to professionalism, of course) also suffers when 
writing style is poor. It's hard to be persuasive if the reader finds the 
points confusing due to sentence construction, style, or other reasons. And, 
as mentioned, one is less persuasive if readers find the writing style 
unprofessional.

Bottom line: if being professional and persuasive aren't important, then 
writing style and attention to grammatical detail aren't that important. 
Otherwise, they are very important. Depends on your audience, motivations, 
and ambitions.

- G


----- Original Message ----- 
From: "n3td3v" <xploitable@...il.com>
To: <full-disclosure@...ts.grok.org.uk>; "n3td3v" <n3td3v@...glegroups.com>
Sent: Wednesday, April 09, 2008 12:49 PM
Subject: Re: [Full-disclosure] n3td3v has a fan


> On Wed, Apr 9, 2008 at 8:06 AM,  <malix@...h.com> wrote:
>> First, learn the proper use of the English language before choosing
>> to mouth off with it.
>
> People think english and spelling matters, but its what you say that
> counts not the way you say it.
>
> This is a concept many have failed to grasp in recent times.
>
> For instance, I went on Cnet News last night and told them about
> offline machines:
>
> Connected to the internet?: reader comment from n3td3v
>
> Posted on: April 8, 2008, 8:10 PM PDT
> Story: Breaking into a power station in 3 easy steps
>
> Computers don't need to be connected to the internet to get infected
> with the latest and greatest zero-day, someone, a rogue employee
> downloads code from the internet or makes his own, then uploads it to
> his memory key, then walks into power station, plugs it in with the
> intent to infect and hey presto, your infrastructure gets compromised.
> Valuable lesson: _ALL_ your computers need to be patched against the
> latest zero-day threats, not just online ones BUT offline systems too.
> Even computers which will NEVER have an internet connection _still_
> need to be patched. The threat from rogue employees and the inside job
> is far greater than an internet facing computer. Is anyone listening?
> I've been repeating this for years, the internet isn't the threat, the
> real number one threat to cyber security is the inside job. Got the
> message yet? The national infrastructure terrorists want to attack is
> *permanently offline* and the terrorists know this, but what they also
> know is those offline systems are *permanently unpatched* because the
> administrators think the bugs being released by security researchers
> on-the-internet won't touch offline-machines, think again. The
> terrorists aren't trying to hit your internet facing stuff, they are
> far more interested in going after your offline machines, as these are
> the most important ones. All the best, n3td3v.
>
> http://www.news.com/5208-10784_3-0.html?forumID=2&threadID=36712&messageID=396611
>
> [/snip]
>
> Now it may look like the above isn't written correctly, but I think I
> got my point across pretty well.
> Weather the english, grammar, spell checker police take it seriously
> is another matter. ;)
>
> My online friend who worked in the US Navy for 6 years in cyber
> security said I should have wrote it like this:
>
> ---------- Forwarded message ----------
> From: Chris Mills <E-mail Removed>
> Date: Wed, Apr 9, 2008 at 5:07 AM
> Subject: Try this
> To: xploitable@...il.com
>
> Computers don't need to be connected to the internet to get infected
> with the latest and greatest zero-day malware.
>
> Insiders are one of the greatest threats to any enterprise: business
> or government.
>
> Consider This:
> An employee with any amount of access can download code from the
> internet or make his or her own. With a simple copy to his USB memory
> key, he then walks into power station, plugs it in with the intent to
> cause harm. An unpatched, offline system IS vulnerable.
>
> Valuable lesson:
> All your computer systems are vulnerable. They all need to be patched
> against the latest threats, just as you would patch your internet
> connected devices.
> Even computers which will never  have an internet connection still
> need to be patched. The threat from rogue employees and the inside job
> is far greater than an internet facing computer. This has been seen
> over and over in news articles and threat reports published by the top
> security companies.
> The national infrastructure terrorists want to attack is permanently
> offline and the terrorists know this, but what they also know is those
> offline systems are permanently unpatched because the administrators
> think the bugs being released by security researchers on the internet
> won't touch offline-machines. This is a dangerous assumption on the
> part of security administrators. The terrorists aren't trying to hit
> internet facing devices, they are far more interested in going after
> offline machines which control far more important devices. This is
> their gold mine.
>
> All the best, n3td3v.
>
> [/snip]
>
> But I don't agree with him because its not got the same punch and passion.
>
> Regards,
>
> n3td3v
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ