Date: Sat, 19 Jul 2008 21:40:45 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Torvalds attacks IT industry 'security circus'

On Sat, Jul 19, 2008 at 7:34 PM, php0t <php0t@...ro.hu> wrote:
>
> If I didn't feel you were moving towards being-serious-about-it, I'd give
> you a cookie for writing up so many useless, senseless, and obviously
> provocative thoughts about a subject where you lack even the slightest
> competence.
>
> P.
>

Blame Torvalds and Cnet News if you want to talk about provocative,
they are the ones that made me do the rant, if it wasn't for them I
would have no fuel for my rant I'm passionate about. So if you want to
know who is provocative it's Torvalds and Cnet News.

Ever since Robert Lemos published a story about me I've been against
media outlets talking about mailing list comments, it's wrong. Nobody
wants their mailing list comments quoted in the media and I wish
Securityfocus and Cnet News would stop it.

A few drunken rants of mine were taken and put into a PDF file and
written in a Securityfocus news article by Robert Lemos, and you know
the government or whoever might have thought it was true because it was
written by people who thought they knew what they were talking about.

The truth is, three people was n3td3v? No it was probably just me in
three states of sober, drunk and hungover if the Neal Krawetz thing is
anything to be taken seriously.

And the n3td3v is a hacker group who targets Yahoo, Microsoft and
Google... that was another drunken rant comment by me that was whipped
up by Robert Lemos and Neal Krawetz to put in the media circus to sell
more ad clicks.

The truth is Torvalds was probably drunk as well when he wrote those
comments, so why don't the media stop quoting people on mailing lists,
without at least emailing the author in private to ask if it was the
user's actual opinion or just simply a drunken slur rant like many of
the n3td3v emails are.

I wish the media would just stop using mailing list drama as a way to
make money. Stop quoting people on the mailing lists without
permission of the author and certainly don't write a PDF about n3td3v
without my side of the story getting any input.

The media circus, the Cnet News story about Torvalds is exactly what
he's talking about, but him speaking out against the security industry
is a good thing. I'm sick of being the only one ranting about it and
that a big player has come out to call out the industry when it's
needed.

We need more drunk people on the mailing lists... it's the way ahead.
As long as the media don't quote people without asking first and that
Neal Krawetz and Robert Lemos should say sorry for being morons.

FYI: n3td3v is no hacker group... I'm just a fag with a google group,
members of the public joined... once upon a time I was delusional, got
drunk and thought I was a hacker with a hacker group, in reality I'm
just a piss head alcoholic with no job or career.

Those times are gone, I'm older now and looking to the future... maybe
a job in the government as a toilet attendant, let's see.

All the best,

n3td3v

>
> ----- Original Message ----- From: "n3td3v" <xploitable@...il.com>
> To: <full-disclosure@...ts.grok.org.uk>
> Sent: Saturday, July 19, 2008 8:27 PM
> Subject: [Full-disclosure] Torvalds attacks IT industry 'security circus'
>
>
>> The maker of Linux was right,
>>
>> "In an e-mail to the Linux kernel developer mailing list, Torvalds
>> said a section of the security industry was dedicated to finding bugs
>> in software only to publicize their findings and gain notoriety."
>>
>>
>> http://news.cnet.com/Torvalds-attacks-IT-industry-security-circus/2100-1007_3-6243900.html
>>
>> We've got to stop doing an HD Moore to make a name for ourselves and
>> release vulnerabilities for the right reason, not to become a cyber
>> security rock star!!!
>>
>> The security industry is a circus, it's a joke what it's turned into,
>> it's not about security anymore it's a media circus, with over hype and
>> over drive.
>>
>> Let's cut away with the elitism and become normal people again who
>> aren't pumped up on steroids everyday to become famous.
>>
>> The media are to blame, the Robert Lemos's and the others, they write
>> shit all the time just to make their companies ad click money, they
>> don't really care what's written as long as it's security related they
>> don't care.
>>
>> As little research as possible and the most amount of over steer to
>> make the security industry sound more important and exciting than it
>> is.
>>
>> Security, it's a dull field to be in, once you know it all you really
>> do know it all. It's a boring sport being a security professional.
>>
>> That's why when some new disclosure comes along, we make a big deal of
>> it, to give us some excitement in your boring life.
>>
>> This security industry is driven by the media to give it free
>> advertising and to drive up profits... the care about security takes
>> second shelf... the ad click and egoism comes first.
>>
>> Go look at the web based archives of the less-busy mailing lists on
>> Securityfocus, it's a rat run of security conference spam when the
>> subject is supposed to be on security, that's what we've turned into, a
>> shaft of advertising mecca....In security we get to advertise for
>> free, in security we don't need to buy banner ads. In security we can
>> charge thousands of pounds a ticket to watch a nerd mumble in a voice
>> which only reflects the persons social isolation from the world and
>> the true life style of the geek, a sad lonely pisser, sitting in his
>> own urine and coding up exploit code to give his sad existence more
>> self worth. Fresh air doesn't exist in nerd land, only the recycled
>> air of our own farts and bad breath, at weekends we don't wash, and on
>> Monday your co-workers notice part of your beard you forgot to shave,
>> and you are wearing the same clothes you did last week and every week.
>> Do I sound bitter, it's because I probably am.
>>
>> We need a shake a good long shake, take hold of yourselves and see
>> what you've turned into, is this what we want to be a hyped up media
>> circus of wombats?
>>
>> The security conference spam runs... let's outlaw that shit.
>>
>> Month of browser bugs and Metasploit framework... let's trash that.
>>
>> Dan Kaminsky... the man who changed internet security...Cnet staff,
>> let's scrap headlines like that.
>>
>> The Pwnie awards & not letting Dan Kaminsky be nominated for most over
>> hyped bug, let's add him and every mother fucker in the industry as a
>> nomination, we're all over hyped and I'm sick of it.
>>
>> And for next year's Pwnie awards, let's add a category for most
>> illegally spammed security conference and most over hyped security
>> conference, because they all are.
>>
>> Buy your banner ads and get yourself off the mailing lists now and
>> forever in the future.
>>
>> Stop advertising your security conferences through security
>> researchers and asking them to post the vulnerability a month before
>> the damn conference, we're not stupid we see through you. Yes, you the
>> leaders of the security conferences and the industry, the ones using
>> security researchers to make a lot of cash and make you dirty rich so
>> you can sit on a yacht for the rest of the year with chicks by your
>> side drinking champagne.
>>
>> The leaders of the industry are exploiting the media and the security
>> researchers, they're in it for the money to tool up revenue, they
>> couldn't care less about us and cyber security... they just want to
>> become filthy rich.
>>
>> It's people like you who are screwing it up for the future generation,
>> there won't be a security underground left in 10 years time, because
>> the industry will have it grave yarded and scared the underground away
>> from existence.
>>
>> People are scared the law will change, the government can show you the
>> industry money makers who's really in charge, we can make certain
>> things illegal for security researchers to do, and tighten up on how
>> much money you can make and exploit security researchers for.
>>
>> In the sex trade there is human trafficking, in the security industry
>> there is the exploitation & trafficking of security researchers. So
>> what is the security industry making you researchers? A whore to the
>> cause of making money and not really caring about you or actual
>> security.
>>
>> I've got one thing to say to security researchers... stop being
>> exploited by these people and go independent, don't go to a security
>> conference, stand out in a market square in the middle of a town, and
>> invite anyone along who wants to come. Ticketless, free and open. It
>> will kill the damn security conferences, the rich fucks who are
>> exploiting you. It's time to take control. If the security conference
>> leaders have no security researchers or new techniques to come to
>> their conferences then they will take note and know who's really in
>> charge of things.
>>
>> Boycott security conferences, if you want to speak in public, do it in
>> a random town market square free of charge...invite everyone from the
>> mailing lists to come, stand up on a statue and tell the world about
>> your researched vulnerabilities, but don't feel you need to attend a
>> damn security conference... because you're being exploited and taken
>> advantage of by the big tom cats of the industry!!!
>>
>> The security conference tom cats and the money making security
>> industry will die overnight, and while that's a bad thing for the
>> industry leaders, it brings back control to the security researcher
>> and the underground as a whole.
>>
>> We can still save ourselves from being a security circus and being
>> exploited, if we boycott the security conferences... I'm talking to you
>> keynote speakers like Dan Kaminsky.
>>
>> If you had announced you were going to give your talk at a random town
>> square free of charge and invited everyone who wanted to be there to
>> come on the mailing lists you would have gotten a lot more respect. To
>> base your disclosure and speech around a money oriented security
>> conference takes away credibility for your cause, and takes away power
>> and control away from the ever corroding underground scene.
>>
>> Kill off security conferences... the media circus... the security
>> circus that the maker of Linux is talking about.
>>
>> Give a bug merit where it's due and no merit where it isn't...
>>
>> I stand shoulder to shoulder with Linus Torvalds in condemning the
>> direction the security scene is going in and so should everyone.
>>
>> All the best,
>>
>> n3td3v
>>
>> http://n3td3v.googlepages.com
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
