lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 23 Apr 2011 09:00:11 -0700
From: ichib0d crane <themadichib0d@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Gomez eats the weak

lol someone who thinks he is original because he is stating things
that pretty much everyone knows, or at least traces of which may be
true enough to be known.

Of course no one but your peers give a crap about what you do, guess
what? No one but those in the immediate peer group of an architect or
a subway employee cares about what they do either.

Of course some moonlight as blackhats, guess what? Some 'anti-man'
blackhats daylight as paper pushers. Some flip your burgers and get
you your star bucks, so what? Is there some mystical enlightenment
into this realization?

Of course there are "unknown heroes" patching the vulns, guess what?
That's their job. *insert everyone's job is their job comparison here*

Of course the government lures the brightest minds to work for them
and develop exploits for *insert cause here*. Ever BEEN to the CIA or
NSA website? THEY ADMIT IT. Quite frankly their methods are at least
far better than say China just doing open funding of various groups
without any real hold other then a pay check. At least with the US
government ya gotta pass background checks(or they are at least aware
of it) and get security clearances.

Of course most pen-tester's post-exploitation skills suck. That is
simple deduction based upon their job description: they are meant to
test the security, response level, and risk to a network and not to
integrate into the system completely cloaked without a trace. It's
simply not that relevant of a skill and quite frankly it is sad but
true that such pathetic methods are simply good enough, they dont NEED
to be better. Any serious attacker knows this and works hard to build
tools that pwn the post-exploit techniques of pentesters, which isn't
very hard either, ya just gotta use common sense and know some code.

Valdis is right, you must be new here if you think that stating
obvious facts make you seem smart.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ