Security Basics mailing list archives

Re: [Dailydave] Hyenas of the Security Industry


From: Matthew Lye <m.lye () griffith edu au>
Date: Tue, 22 Jun 2010 08:07:26 +1000

Please explain how an attack on a private company constitutes terrorism as opposed to something more like industrial 
espionage.

What he did was irresponsible, possibly even criminally negligent if viewed in a particularly narrow frame, but what he 
did does not fit the definition of terrorism of any kind, and calling random acts terrorism to build the hype and dilute 
the meaning does not serve anyone's interests.

He should not get away with it, however to say that he inherently made everyone less secure by announcing it is buying 
into the idea that security can be obtained through obscurity. It is an illusion that has no real benefit, someone else 
had likely found the exploit as well and was using it for financial gain.

Just look at some of the responses HD Moore got when he started publicly releasing major bugs after 6 months of waiting 
for Microsoft to fix them with no movement. He had death threats from criminal organizations all round the world for 
releasing flaws that they were actively using.

++++++++++++++++++++++++++++++++++++++++++++++++++++
Matthew Lye
Client Technology Services 
Griffith University
Nathan campus, Griffith University, 170 Kessels Road, Nathan, QLD 4111, Australia 
Email: m.lye () griffith edu au
++++++++++++++++++++++++++++++++++++++++++++++++++++

-----listbounce () securityfocus com wrote: -----

To: security-basics () securityfocus com
From: "andrew.wallace" <andrew.wallace () rocketmail com>
Sent by: listbounce () securityfocus com
Date: 06/19/2010 12:08PM
Subject: [Dailydave] Hyenas of the Security Industry

In reply to http://lists.immunitysec.com/pipermail/dailydave//2010-June/006130.html

What he did was cyber terrorism, the same as all the other researchers have been doing for a long time... inciting 
cyber attacks through a disclosure release, to force a vendor to change policy by pressure of cyber attacks created by 
the disclosure.

It's expected researchers will stick up for other researchers and not believe they are doing anything wrong and believe 
their actions improve security, they don't.

Andrew

http://sites.google.com/site/n3td3v/



      


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


