lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <48EA5AFE.7030602@gmail.com>
Date: Mon, 06 Oct 2008 13:37:50 -0500
From: rholgstad <rholgstad@...il.com>
To: Gadi Evron <ge@...uxbox.org>
Cc: funsec@...uxbox.org, botnets@...testar.linuxbox.org,
	full-disclosure@...ts.grok.org.uk
Subject: Re: pause for reflection

you are more delusional than n3td3v and Dan combined

Gadi Evron wrote:
> I started answering an email an hour ago, and it was important enough to 
> spend time on. It also ended up being too long, so I dumped it in a blog 
> post if you prfer reading in a web browser.
> http://gadievron.blogspot.com/2008/10/time-for-self-reflection.html
>
> Time for self reflection
> In case you don't read any of what I have to say below, read this: I have dual 
> citizenship. Along with my homeland citizenship, I am of the Internet, and see 
> it as my personal duty to try and make the Internet safe.
>
> Atrivo (also known as Intercage), is a network known to host criminal activity 
> for many years, is no more.
>
> Not being sarcastic for once, this is time for some self reflection.
>
> I wish I was one of those who sleep soundly tonight. Being clear in my 
> conviction that Atrivo should be out of business, and being positive my 
> decision to help that happen was sound--While I would do it again, I am sad.
>
> I won't sleep soundly tonight, as that company, criminal and abusive as it 
> clearly and contemptuously was, still sustained quite a few families in several 
> layers of employment, from sysadmins sitting in the US of A all the way to 
> minor low-level fraudsters employed by their clients' clients.
>
> I will however, be able to look myself in the mirror for my part in the
> effort to get rid of them--and even gloat some. My conscious is as clear to me 
> as my sadness is crystal. We may not have changed the wall of battle in the 
> long term and whenever one criminal falls, another jumps up to the 
> opportunities of the land of the free--the Internet. But for once, just for a 
> while, we halted the machine. We stopped the wheels of evil, even if only for a 
> fortnight.
>
> While doing so, ee also touched some lives in a destructive fashion. The 
> criminals'.
>
> No villain ever sees himself as the bad guy, as the saying goes. A friend 
> recently showed me Russian language comments written on Brian Krebs' recent 
> Washington Post story. In them, the posters ask: "why do you take our bread 
> away?"
>
> In a lecture during ISOI 5, some folks just didn't understand the meaning. 
> Their bread. Their bread. We in the Western world, behind the cultural divide 
> speak a different language. Their culture isn't poorer than ours, it is 
> unequivocally different.
>
> We can not truly comprehend what it means for some folks in Russia to no longer 
> be able to feed their children this month. Nor can we understand that by 
> sending email, we made those children starve. Cheap theatrics on my part, you 
> say? You got that right. It doesn't make it any less true.
>
> Cyber crime is a war waged against the Western world. At first, no one even 
> noticed and it was a niche.. an art. While the artists still exist, they are a 
> minority, the hackers. For the criminals however, motive is as irrelevant as 
> nationality. Whatever actions are taken, be it a political defacement, fraud or 
> spam, the unavoidable secondary impact remains the same: damage to the Western 
> economy and security in an exponential growth which will become ever clearer in 
> the coming years.
>
> Yes, my friends. I would do the same again. I feel sorry for Atrivo, but they 
> were harboring the equivalent for the Internet of active missile launchers 
> firing on Israel from the Gaza strip. They are human beings who hit a curve in 
> the road to their success. Cyber criminals, however, establish such growth as 
> parasites and whatever I may feel for needing to resort to the end game 
> weaponry, these people need to be smacked down like cockroaches.
>
> Ten years ago they were a pride to their parents, today they are a scourge. 
> What will they be in ten years?
>
> If all reasonable and even some unreasonable approaches fail. That does not 
> mean I don't have to feel sorry for them, and me. But it also doesn't mean we 
> don't need to fight back.
>
> Not even a hundred years ago, disastrously, war was business and an
> acceptable horrifying part of life. A few years later, in 1918, war was
> unthinkable. In the century since we who live in or are influenced by
> Western culture made war no longer an option we can publicly stomach, while 
> facing those who would play us like children because of it.
>
> War is horrifying and evil, it is also a last resort in a world not as
> ascendant as we would like to think. The Internet has its own "liberals" and I 
> am proud to be one of them. However, I am also practical and see that wishing 
> for a world we once had is not. A world where I could host files on my 
> neighbor's servers openly, where children could happily use pocket calculators 
> and go to libraries for their school work rather than Google and read 
> Wikipedia. You did so, do your children?
>
> This new world has its price, and that price is a complete loss of public 
> privacy, and a culture of ineffective security.
>
> We are reliant on our Auntie Jane's computer knowledge for our own security, 
> and while not many would follow us to our bathrooms to infringe on our personal 
> privacy, online we have no privacy, however much it helps us to lie to 
> ourselves that something we do publicly (read, on the Internet) is private.
>
> I accepted that, but that is because I am in the trenches for years. Others 
> live better not knowing. But it doesn't mean I won't work diligently to make it 
> remain.. functional.
>
> Indeed, taking a step back from my niche in security, and seeing how bad things 
> truly are--people can still surf for porn, and argue over who the best Star 
> Trek captain is. Cyber crime, in all its immense activity of billions of 
> incidents an hour, is background noise. But the background noise continually 
> increases. When will it overflow?
>
> All I really want is to maintain the functionality we have, regardless of the 
> abuse. And yet... Going back to Atrivo, they made enough money by now. And 
> regardless once more, their criminal clients are already back online 
> elsewhere--in some places possibly hosted by what seems like Atrivo, only under 
> a different name.
>
> We did not win, but boy does it feel good to have a victory once in a while for 
> morale's sake. We halted the machine, even if only just for a short time. That, 
> my friends, also has strategic implications as far as our ability is to 
> influence networks running clean on the Internet, although only time will 
> determine if I am right on that.
>
> Enough whining though. Who is next on the target list? :)
>
> More seriously, why do I care so much? I have dual citizenship. Along with my 
> homeland citizenship, I am of the Internet, and see it as my personal duty to 
> try and make the Internet safe.
>
> Gadi Evron,
> Of the Internet.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>   

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ