Date: Mon, 13 Jul 2009 17:50:38 -0500
From: opt opt <opternaut@...il.com>
To: mrx <mrx@...pergander.org.uk>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: AntiSec <3's nginx

On Mon, Jul 13, 2009 at 1:21 PM, mrx<mrx@...pergander.org.uk> wrote:
> A secure internet is:
>
>
> i) One where all vulnerabilities are kept quiet to only be exploited by
> those that discover them.*

It really seems like the first attribute of your "secure internet"
kind of diminishes the value of, well, everything else to follow. But
just in case...

>
> ii) One where there is no privacy and every action is logged tracked and
> traced by governments.(And we all know that governments have only the
> interests of the people at heart)

Why assume the government and private sectors are all ethical? Almost
once a month there is another abuse of power story leaked to the
press. And the ratio of known/unknown cases of abuse is probably
pretty depressing. If you've ever worked at an ISP or a telecom you're
well aware of this.

>
> iii) One where there is no anonymity and every action can be traced to
> an identity and physical street address.

Given the current state of tcp/ip technology, routing, wireless, etc.
It's a bit of an ideal to eliminate anonymity on the internet. But
again, the same point applies.

Let's say you're forced to scan the microchip implanted in your wrist
to access the internet from your local coffee shop. It's now possible
for the clerk ringing up your copy of 2600 to come to your house and
rape you at gunpoint. Erotic? Absolutely. Secure? Nope.

>
> iv) One where DPI is applied to every packet tx'd/rx'd.
>

Even if deep packet inspection were applied to every packet, you still
have things like encryption and obfuscation. Not to mention general
cunning.

> *Thus only the elite few would be able to create mischief, steal or
> secure as opposed to just about anyone smart enough to run the
> metasploit framework or read a full disclosure list.
>

None of the things you listed mandate that anyone be intelligent to
cause mischief. The cycle would just continue. Innovative research
would be spread and utilized, for better or worse, by the community.
Which, sadly, includes a few "anti-secs" (zing).

> A secure Internet is the end of the internet as a useful resource for
> the oppressed.

As the saying goes:
"When a woman reaches orgasm with a man she is only collaborating with
the patriarchal system, eroticizing her own oppression" - Sheila
Jeffreys

Basically what Sheila is saying is that to be oppressed is a choice.
And as such, the possibility to rebel against it always exists.
Oppression has been a rather good catalyst for hacking so far. And I
can't even tell you what anti-patriarchal rants have done for my sex
life.

>
> Long live the wild West. One can only secure that which one controls, so
> who's going to step up and control the internet? Will the technology
> ever be there to do so? And do we really need another Wyatt Earp?
>

In this case, Wyatt Earp would be the government. http://www.eff.org/

> I don't know enough to answer these questions, but thanks to full
> disclosure I am smart enough to cover my own ass. So keep them coming
> because without them I wouldn't be.
>
> I like the Internet the way it is, which self-respecting anarchist wouldn't?

Most..others?

>
> btw I am a noob to IT security and this list(my first post), however I
> don't expect mercy should anyone rip holes in my observations.

Well, personally I found your post quite informative. Keep up the good work.

>
> PS long live the English language...

>
> regards
> Acr0nym.
> aka MrX
> aka dozens of other nyms for security by obscurity does have its place.
>
> antisec@...hmail.com wrote:
>> lawlz what a dumbshit lawlz
>>
>> before total annihilation
>> ........................
>> after total annihilation
>> ........................
>> uid=0(root) gid=0(root) groups=0(root)
>>
>> ubuntu no good 4 you antz
>>
>> mad lawlz
>>
>> actoolie
>>
>> lawlz x 1337
>>
>> Make surrrrrrre to change php.ini back to your preferencez. and
>> clean out ZFS on the spark serverz ;)
>>
>> On Sun, 12 Jul 2009 12:55:52 -0400 darkp@...hmail.com wrote:
>>
>>> Uh oh, Is that you Chris Silva?
>>>
>>> I'm doubtful all the rage is over some images.
>>>
>>> I can only imagine you're sad the 04/09/09 source is being dropped;(
>>>
>>> I know, We all are. That is besides the huge lulz incurred on all of
>>> #compton and #antisec by posting the inane (and largely useless)
>>> comments in Retina for our amusement, I think the time has come
>>> to man up a bit on your part.
>>>
>>> Oh, What's that? It's illegal in the state of California not
>>> to report breakins that could endanger private data?
>>>
>>> Sometimes I guess people need a little motivation.
>>>
>>> dark.nulldisclosure.net:539/retinaeeyelulz.tar.gz
>>>
>>> Don't blame me though, That stuff has been making the rounds on
>>> undernet for quite some time.
>>>
>>> In the event it's not more pandering from eEye (Admittedly unlikely)
>>> (Inb4 Lawsuits on blackhat forums).
>>> That's even worse, Then it's just some internet toughguy trying to
>>> posture so he can save face.
>>> ___________________________________________
>>> ___________________________________________
>>>
>>> Though I appreciate the sentiment here with Antisec
>>> You know the "We're super big bad guys, the government doesn't
>>> care".
>>> I have a feeling I'm going to have to call your bluff.
>>>
>>> Wasn't this the exact same response to the ownage of BlueBoar back
>>> in the day?
>>>
>>> "WE WILL HUNT YOU DOWN EL8, YOU WILL PAY, WE ARE GOVERNMENT BLAH
>>> BLAH BLAH"
>>>
>>> Please, Spare me the pleasantries.
>>>
>>> El8 and related groups shattered your worldview.
>>>
>>> And that was a short-lived and ultimately fairly tame voyage.
>>>
>>> Also, Since when has romeo become the spokesperson for Antisec?
>>> That's like saying textfiles is the spokesperson for Anarchy and
>>> clandestine LSD production.
>>>
>>> So, In short, Be well Dr. Antiantisec, Do good work, and be sure to
>>> keep Pidgin or NTP listening!
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
