Security Basics mailing list archives
Re: [Dailydave] Hyenas of the Security Industry
From: Matthew Lye <m.lye () griffith edu au>
Date: Tue, 22 Jun 2010 08:07:26 +1000
Please explain how an attack on a private company constitutes terrorism as opposed to something more like industrial espionage. What he did was irresponsible, possibly even criminally negligent if viewed in a particularly narrow frame but what he did does not fit the definition of terrorism of any kind and calling random acts terrorism to build the hype and dilute the meaning does not serve anyones interests. He should not get away with it, however to say that he inherently made everyone less secure by announcing it is buying into the idea that security can be obtained through obscurity. It is an illusion that has no real benefit, someone else had likely found the exploit as well and was using it for financial gain. Just look at some of the responses HD Moore got when he started publicly releasing major bugs after 6 months of waiting for Microsoft to fix them with no movement. He had death threats from criminal organizations all round the world for releasing flaws that they were actively using. ++++++++++++++++++++++++++++++++++++++++++++++++++++ Matthew Lye Client Technology Services Griffith University Nathan campus, Griffith University, 170 Kessels Road, Nathan, QLD 4111, Australia Email: m.lye () griffith edu au ++++++++++++++++++++++++++++++++++++++++++++++++++++ -----listbounce () securityfocus com wrote: ----- To: security-basics () securityfocus com From: "andrew.wallace" <andrew.wallace () rocketmail com> Sent by: listbounce () securityfocus com Date: 06/19/2010 12:08PM Subject: [Dailydave] Hyenas of the Security Industry In reply to http://lists.immunitysec.com/pipermail/dailydave//2010-June/006130.html What he done was cyber terrorism, the same as all the other researchers have been doing for a long time... inciting cyber attacks through a disclosure release, to force a vendor to change policy by pressure of cyber attacks created by the disclosure. It's expected researchers will stick up for other researchers and not believe they are doing anything wrong and believe their actions improve security, they don't. Andrew http://sites.google.com/site/n3td3v/ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- [Dailydave] Hyenas of the Security Industry andrew.wallace (Jun 21)
- Re: [Dailydave] Hyenas of the Security Industry Ansgar Wiechers (Jun 23)
- Re: [Dailydave] Hyenas of the Security Industry Matthew Lye (Jun 23)