lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4b6ee9310806251808w584bb441ne9b03139365a6350@mail.gmail.com>
Date: Thu, 26 Jun 2008 02:08:05 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: What the UK government care about in a hacker

I think we've gone beyond the F-Secure has said stage, I think folks
are looking for something more. I think the security space has evolved
already in respect of home user hackers, the security professional
circuit and with the government.

Infact the government are finding it hard to keep up with what's
possible by the government and what's technologically possible by joe
average in his bedroom.

A few years ago it was impossible for joe average to shoot the live
scene of a national emergency via his cell phone, email that footage
to a national television station and that to be used as prime time
evidence of the incident, now it is.

With this I look onto the media, its still using F-Secure press
releases for its news round.

Your average joe is now able to creep behind the media wall and get
the news before the outlet gets time to read up.

The fact, the media is becoming less important in the security arena
for bringing us news.

Your average joe can configure google.com/ig to give them keyword news
thats coming onto the news wires and google.com/alerts can too.

What used to be a government fundamental for the intelligence
services, is now becoming a challenge for them to know what user is
signed upto what and how much they know.

Before it was more straight forward, they would know what news sites
were available as civilian intelligence sources but now its becoming
less obvious.

The intelligence community are having to dig deep into online
community to see what is possibly being plotted and what sources of
information they have and the technique in which its gathered.

Today the world is changing, what used to be charted water only
reserved for the intelligence services is now also being used by the
civilian population.

It's scary times, hackers have the best ability to over come the
intelligence services, not the script kids, but the hackers!

The main focus for the British intelligence service is mobile and
anything to do with radio frequency hacks, including RFID type stuff,
that's high on the British government look out.

The media are hyping about mobile phone worm, while this hype *is*
unfounded right now, thats not to say its not top on the British
government's watch list of most desirable vulnerability threat vector
against national infrastructure of government and civilian population.

The hax0r credibility score board from the government's point of view
isn't hacks in safari, fire fox or internet explorer, its
telecommunications and radio frequency hacks right now.

So while you and your friends might think browser hacks, etc.. think
again, the real stuff that gets the UK government interested in you is
radio, mobile and chip hacks, anything to do with electronics and
communication, they don't actually give a fuck about applications, DNS
hacks, Cisco router hacks and the like.

While those things like  DNS hacks, Cisco router hacks and the like
are internet critical, they aren't national security critical...

So hackers, if you want the most hax0r credibility points and
attention with the UK government, think national infrastructure, radio
frequency, chip hacks and mobile telecommunication interception.

If you want head hunted into the UK government cyber defensive,
offensive and research departments go for those vectors... keep away
from silly stuff like web browser hacks, DNS poisoning, Cisco etc.

How will the UK government contact you? Brute guys will jump out of a
range rover land rover which will have darkened windows and will give
you an offer you can't refuse after abducting you for five minutes
based on your research post on Full-Disclosure.

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ