lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAJtJjZuTcFTuijkOCvBR1waZsqOhr52U3gu_sQDbS+F4L_i_kA@mail.gmail.com>
Date: Mon, 3 Oct 2011 12:38:11 +0100
From: Darren Martyn <d.martyn.fulldisclosure@...il.com>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: VPN providers and any providers in general...

Well, thanks for the logical response :)

Many people want these "evil hackers" locked up and such, but doing so will
only achieve the folowing (in my opinion):
A: Cost money.
B: Turn them into a more hardened criminal.
C: Cost the community a useful person who could be beneficial to them.

Consider that Davis is 18, Cleary only 19, and other people arrested are
about the same age. What the law enforcement and judicial bodies dealing
with them must realize is that they are dealing with intelligent young
people, who simply chose the wrong path. What they need is not a prison
stay, but some rehabilitative treatment, perhaps councilling to help them
find the right path, and a better sense of morality.

Hell, in some cases the mere arrest itself scared people straight. Having a
bloody SWAT team blow the bloody doors off is enough to reangline* most
young mens moral compass!

Of course, jailing them can be used to "send a message" that "this is not
acceptable" and such, but that has *less* merit than *using* them for good.
All one does by sending a message is make those still out there feel more
persecuted, and persecuted people lash out, doing more damage, and the cycle
continues.

*This computers spellcheck is not working, it wants to use Cyrillic!

On Mon, Oct 3, 2011 at 12:28 PM, xD 0x41 <secn3t@...il.com> wrote:

> Ok.. my final posts on this matter i think... and opinons,
>
>
> (No, seriously, I wonder what your opinions are on rehabilitative rather
> than punitative measures to be taken against criminal hackers, assuming
> fraud was *not* involved, and what benefit they can be to the community and
> whether it outweighs the negative effects of not making examples of them).
>
> It does outweigh, for, each time a perso is jailed it costs you, me, and
> anyone wh works, money.
> We can re3duce the harm, by education and counselling. Especially forced
> hours per-week basis, of counselling with a qualified psych, possibly before
> release even better.
> I think the IQ level is higher, therfore, there is a 'smarter' chance of it
> happening, asmuch as theyre hacking, theyre also gaining tremendus knoledge,
> many do go into IT sec, we just cannot see those cases really..and when we
> do, theyre usually yrs after the thing has happened, but, i could think of a
> few EU based guys who are hapily workin for huge co's, making massive cash,
> evven maker of Morphine, HolyFather, admittedly went into Av, and made
> rootkits for years.
> So, for sure, why put them in jail, it is just going to 'harden' , like
> anyone will when ones back is up against the wall, as it will be in jail
> ofc.
> I think rehab, rather than retalliate.
>
> Bedtme here for me :)
> I enjoy your posts, and i think the whole topic has much merit in these
> lists, other than just about a cpl of websites, pople forget that it is
> still about, the freedom to even, do a simple pentest , really thats the
> crux of it.
>
> So, i think,some method used by psychology, could very easily work,
> especially because, these guys are usually VERY smart, and, the can still be
> 'saved' unlike some hardened armed-robber/burglar...
> The chance of rehab, is specially high because of the intellectual platform
> it takes  just to be at a simple or mediate level of the scale, in terms of
> 'hacking' in hgeneral.
> cheers,
> xd
>
>
>
>
> On 3 October 2011 22:17, Darren Martyn <d.martyn.fulldisclosure@...il.com>wrote:
>
>> Thanks for the input, I will be putting this as a debate soon for thew Law
>> Society in the Uni I attend, to see what the legal guys think.
>>
>> The issue in the example is not fraud, but damage done to the servers
>> (lets assume root/deface) and perhaps leaking of stolen data - the case I am
>> using as an example would be, for example, the "LulzSec" breaches. How hard
>> would they get f*cked on an international scale if arrested? How many
>> countries will try extradite them?
>>
>> In my opinion, they should be simply charged, tried and convicted in their
>> country of residence and be done with it - there is no benefit to society as
>> a whole to be gained from hanging them three or four times a piece, as I
>> reckon given a good shock and such, they come out with a newfound respect
>> for authority and may even be of some benefit to the security community and
>> the community as a whole. Locking them up merely turns them further toward
>> criminal lives - and remember, all hackers *have* potential to do good as
>> well as evil, it is just a matter of their choice. Given a *shove* toward
>> the right decision is more beneficial in the end.
>>
>> "Discuss"...
>>
>> (No, seriously, I wonder what your opinions are on rehabilitative rather
>> than punitative measures to be taken against criminal hackers, assuming
>> fraud was *not* involved, and what benefit they can be to the community and
>> whether it outweighs the negative effects of not making examples of them).
>>
>> On Mon, Oct 3, 2011 at 9:34 AM, xD 0x41 <secn3t@...il.com> wrote:
>>
>>> Could just lok at the recent david cecil case here in .au.
>>> It does say alot, because he did breach some bigger networks.. and he was
>>> committing 'smaller' scale fraud but, still fraud, however, his main problem
>>> was what he did to a governemnt site, wich was deface it for personal gain,
>>> not profit.
>>> It is the latest case wich would be valid of this.
>>> still.. intresting infos... good stuff.
>>> xd
>>>
>>>
>>> On 3 October 2011 19:16, Darren Martyn <
>>> d.martyn.fulldisclosure@...il.com> wrote:
>>>
>>>> Going back to my own example, say all three are first world countries,
>>>> and A and C are in the EU whilst B is the US. All nations involved have good
>>>> diplomatic relations and preexisting extradition treaties, and to add
>>>> interest to it, lets say the LEO in B and C helped the investigation. The
>>>> criomes would be non-financial, but say, large scale hacks and such. I will
>>>> use Jake Davis's case as a "canary case" for this though...
>>>>
>>>> On Sun, Oct 2, 2011 at 12:31 AM, xD 0x41 <secn3t@...il.com> wrote:
>>>>
>>>>> Ah, the legend of the mailing-list himself, has spoken.
>>>>> not knowing you, for all i have seen, your a pathetic sack of rubbish,
>>>>> and really, what we are discussing, if you had ANY clue, wich obv dont, is
>>>>> simply how far our own freedom is going.
>>>>> You are an idiot.
>>>>> Have a nice day.
>>>>> xd
>>>>>
>>>>>
>>>>>
>>>>> On 2 October 2011 08:45, andrew.wallace <andrew.wallace@...ketmail.com
>>>>> > wrote:
>>>>>
>>>>>> On Sat, Oct 1, 2011 at 5:50 AM,  <Valdis.Kletnieks@...edu> wrote:
>>>>>> > On Sat, 01 Oct 2011 09:16:11 +1000, xD 0x41 said:
>>>>>> >
>>>>>> >> As you also said, murder is a no brainer in any place...well, maybe
>>>>>> not iraq
>>>>>> >> or afghanistan just yet :P lol..
>>>>>> >
>>>>>> > Iraq, for all its problems, is still a place with a somewhat
>>>>>> functional
>>>>>> > judicial system. The court system may be broken, but you in general
>>>>>> *will* at
>>>>>> > least appear in a courtroom with a judge and be pronounced guilty
>>>>>> before you're
>>>>>> > punished.
>>>>>> >
>>>>>> > I was actually thinking more along the lines of  totally failed
>>>>>> states such as
>>>>>> > Somalia, Sudan, or the contested parts of Afghanistan, where you
>>>>>> can't be tried
>>>>>> > for murder because there isn't a court to try you *in*.
>>>>>> >
>>>>>>
>>>>>> Have you not grown old of talking to children on mailing lists?
>>>>>>
>>>>>> ---
>>>>>>
>>>>>> Andrew Wallace
>>>>>>
>>>>>> Independent consultant
>>>>>>
>>>>>> www.n3td3v.org.uk
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>
>>>>
>>>>
>>>
>>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ