Dailydave mailing list archives

Attack and Defense


From: Dave Aitel <dave () immunitysec com>
Date: Tue, 27 Apr 2004 16:40:05 -0400

My next talk is offensive. It's about attacking things, and there's no
slide at the end that tries to rationalize it with "How to protect
against this problem". It's weird to me to see people stand up and
give an entire talk about attacking ActiveX components and then say
how they don't think it would be right to release a tool that helps do
this because bad people might use it. Or an entire talk about
weaknesses in Novell's web server with a speech at the end from
Novell's representative about how responsive they are to people
pointing out basic authentication problems in their products. It's
like watching information security talks from a German rabbi, filled
with self loathing and four thousand-year old guilt trips.

And now, of course, Johnny Cyberpunk, who's already so scared of the
public eye he doesn't use his real name, has decided not to post
exploits to the Interweb, something he clearly enjoys. Probably four
or five MSCE's with nothing to do on Monday night but scribble
patronizing things into their tablet PCs sent him almost-legible
messages informing him how evil he was. That's pretty normal. This is
the Interweb, after all, and people with wireless connections and no
families invariably have too much time on their hands and will use it
to push their own weak natures on others via the tyranny that is
ubiquitous accessibility.

Complaining about hacking information being distributed or people
writing dumb worms that don't even really work is about one step away
from writing MTV to complain about Janet Jackson's tit popping out
during the super-bowl. It's right next to screaming at the kids in the
apartment above you for making too much noise at 10pm. The other day I
put my XP machine on the Internet to debug my cable modem connection.
It got hacked in a few minutes, and I turned it off and did something
else. That's it. And if you can't see the connection there you need to
go and score some weed and find out how much easier it is to pick up
girls with a pocket full of illegal drugs than with a CD-case of
illegal mp3s.

Anyways, my next talk is titled "Advanced Ordinance" and if you want
to be a test-group (I hate giving talks for the first time to BlackHat
- it's stressful with a crowd that large), let me know.

-dave

