Full Disclosure mailing list archives
Re: RE: Security Industry Under Scrutiny: Part Two
From: Silvio Cesare <silvio () big net au>
Date: Tue, 19 Nov 2002 09:18:56 +1100
On Mon, Nov 18, 2002 at 07:01:46PM +0000, democow the happy cow wrote:
> From the desk of democow, /* Basically what is actually done by Black-Hats and White-Hats is the same thing: find holes and patch them (or is it not among the first things after a server is owned that the Known software holes of the server are patched?).
Hehe.. Nice ;-) oh shit.. wait.. I gotta fix something, my "managers" been bugging me all w33k!
> The only difference lies in the individual attitude, And even that may very well differ from instance to instance. */ I find this to be totally untrue, in some respects the methods that black\white hats go about to discover and find information about a certain subject is quite the same.
OK. How is this for a challenge.. Definition: Script Kiddy A person who h4ckz into systems using the tools written by other people, without knowing how they work. Definition: (I wish I was A) Script Kiddy A person who * systems using the tools written by other people, without knowing how they work. [ * May be your MCSE, maybe your forensics d00d. ur nmapper pen tester. Place your bets! ] ^^ oh shit.. we just l0zt half of the whitehat community!
> But the intentions are entirely different. And the repercussion of actions of the part of each is entirely different.
Yes, correct. Take for example the whitehat who goes to school because Information Technology (IT) is the "big thing" these days.. or the sec. person who, erm, what's the word.. $$$ ?
> /* But it is my opinion, that individuality cannot be governed By ethics finally. */ what is it that a person judges himself by if not his ethics, and the ethics of the people he\she chooses to be around? people hang around like minded people.. And in this community that is usually based on ethics your choice of words here is quite odd, and reflects your misunderstanding of the situation at hand? /* No system can function responseably if there are no response-able individuals. */ and what do you think the white hats are my friend
Erm.. yah. I need not to go into why such things as RFCs have been written up in response to "vendor inaction" and "irresponsible disclosure". How many vendors will use legislation for "non-disclosure" because it protected the "companies" $$$ and not the consumers?
> /* Worms or Script-Kiddies are just part of the background sounds of the internet jungle, they serve their purpose. No need to "fight" them, just protecting against them is sufficient. Real threats come from bigger animals, come from bigger organizations. No man should tell another man what to do, but I think we would be all better off with an internet which is not too much Regulated by law or tied up by big "systems". */ we are in no way telling people what they should, should not do, we are not trying to control anything other than information flowing to people that should not have access to it, as well as making sure that anyone who plans
Thanks for YOUR decision on MY behalf ;-) Maybe cases throughout history, what you are describing has occurred - In fact, it's rather well documented for such people to make decisions for the so called "welfare" of other people, without realizing that such people are capable of their own welfare. Australia has the classic example of the "stolen generation" in a context of decision makers, making decisions for others on their behalf. Do you remember the time when homosexuality was seen as a disease? My doctor told me this is what I must do, so I can fulfil HIS (or her) expectations of my own welfare.
> to let said information flow into the general stream knows the repercussions an event like that would have.. Just because script kiddies are not that bright.. That does not stop them from their actions and the money spent not only to stop them.. But of the financial loss of regular consumers.. Due to credit card fraud.. Down time.. etc, the info-sec
Erm.. Financial losses to consumers.. now, if only I can get this f*qing box to run 24/7 without continually crashing. If only this was public information on what's making this run or not run, MAYBE I can get some of my own work done for a change.. At least, I can do this in opensource without fear of the DMCA rearing its ugliness. BoB (if I may call you that) - if you believe that the only consumer loss is the result of security advisories being pumped out and associated h4ckZ related to such releases, then perhaps try actually working on a system, instead of just reading Bugtraq all day.. In any case, you know how much revenue advisories churn out for a company? Rather A LOT actually.. how much do vuln researchers make? not THAT much in comparison.
> industry can not function without their presence and they and the white hats and responsible for their arrival.. We want to remove them? why do you want to keep them here? As well do not forget what socks said, that they are in part responsible for the harsh laws being implemented
Erm.. psychs call this "blame the victim syndrome". "The clothes she was wearing; look at that mini-skirt.. she was literally screaming and wanting to be..." "These heavy handed negro laws wouldn't be in place if it weren't for the negro's.. we are only trying to protect society as a whole - how narrow minded these black people are to not think of everyone". "If it weren't for these bl4ckh4t's, we wouldn't HAVE to be require being able to monitor your connection without respect for privacy, constitution, legislation or social justice". Did you ever see that episode of the larry sanders show --> Jeopardy --> A: This group controls the world's money. Q: Who are the Jews? - Damn.. I think I'm going to have to take some Jew's money, because he must have stolen it from me in a previous generation, or exploited the masses to get into the position he is now. (Let's ignore things like the Australian native land right cases which can counter the above literal example)
> -Democow "why do you need any other cow"
OK.. silly bug for now (s0me pe0pl3 c4nt c0unt) - erm. 1999 is fuqin crazy (I don't even know if this code is r34l or not to be honest)! This is RH 8.0 (which is really nice actually - I believe they will easily give windows a run for their money on the desktop; though I'm sure many will bitch and say RH 8.0 l00ks too much like win* - perhaps). --- bsd-finger-0.17/finger/util.c 1999-09-29 08:53:58.000000000 +1000 +++ bsd-finger-0.17-silvio/finger/util.c 2002-11-08 14:29:26.000000000 +1100 @@ -373,7 +373,7 @@ char *p; const char *q; int len; - static char pbuf[15]; + static char pbuf[16]; /* don't touch anything if the user has their own formatting */ for (q = num; *q; ++q) -- Silvio _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
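Review bot: the replacement declaration `static char pbuf[16];` in finger/util.c still sizes the buffer with a bare literal, and neither the hunk nor the message says what the longest string written into it is, so a reader cannot check that 16 is the right count rather than another miscount. A comment beside the declaration giving the longest formatted value plus its terminating NUL, or a named constant for that length, would make the size verifiable. The code that fills `pbuf` lies outside these context lines; it should bound its writes with `sizeof(pbuf)` so that a later change to the formatting cannot run past the end of the static buffer.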