Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Are PHC going to ultimately secure more work for

From: nfernandes () real-secure com (Nuno Fernandes)
Date: Wed, 18 Sep 2002 12:56:27 -0400
PHC is a terrorist network, it's just done over the Internet.


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of sockz loves
you
Sent: Wednesday, September 18, 2002 9:44 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Are PHC going to ultimately secure more
work for

----- Original Message -----
From: "James Martin" <fulldisclose () uuuppz com>
Date: Mon, 16 Sep 2002 12:54:22 +0100 
To: <full-disclosure () lists netsys com>
Subject: [Full-disclosure] Are PHC going to ultimately secure more work
for "Security Consultants"?

Hi James.


I've been pondering the real effect PHC are going to have (if at least
partially successful) on the "Security Industry". My conclusion is

that

ultimately they will help, not hinder the industry. I'd be interested

to

hear your comments on my argument.


likewise.  i think i've made a few good counter-arguments in my reply,
but
i would certainly be interested as to what you (and others) think.
 

What does the industry rely on to maintain a market? Fear. Fear of

breaches

of privacy. Fear of vandalism. Fear of embarrassment. Fear of loss of
productivity.


hmm... i see.  fundamental but true.


For a company to invest in maintaining security, they must be able to
justify their fears. As many of you know it can be very difficult to
convince those in suits that there's a real risk of being hacked. A

tangible

representation of the risk is often needed, rather than just

protecting

against an unknown enemy.


i dont know many *suits* who are aware of the PHC.  sure a few would
exist out
there somewhere, but business people tend to want to focus on things in
the
business scene, not the computer security scene.  thats why they hire
security
"professionals".  because they dont have the time to waste on the job
themselves.  hence if the business person hasn't got the time to keep up
with
first-hand information about the hacking community, then they become
heavily
reliant upon the security people they contract.  which ultimately brings
us
back to the point that its the security industry that generates this
paranoia.


If PHC et al succeed in building a name for themselves in the media,

they

will become to Al Quida of the security  industry. Still very sketchy

in

detail, but a label for the risk. This in my opinion should prove a

powerful

weapon in the arsenal of those pushing for larger (or even some)

budgeted

capital for security related services.


why do you attempt to demonise PHC by likening them to a well-known
terrorist
network?  it doesn't help your point at all.  if this DOES happen it
will be
the fault of the whitehat security industry panicing.  just because al
qaeda
is probably the most known terrorist organisation on earth, doesn't mean
they
are the most formidable.  there are many other groups out there who
aren't
even mentioned, yet could probably out-terrorise :) al qaeda.  catch my
drift?
al qaeda is like the script kiddy organisation of the terrorist
underworld.


Ultimately a threat is going to strengthen the industry not weaken it.

Keep

up the good work PHC, your securing the internet ;P.


not really, seeing as the security industry can only protect its clients
against those bugs that are known.  i dont see it as being that hard for
PHC
to come up with something original whenever they want to make a point.
hence
a threat is just a threat, it doesn't strengthen anything.  the only
strength
gained is when unique attacks occur, prompting whitehats to investigate
a new
technique, at which point it becomes redundant and probably wont be used
by
the group again.  comprehend?  this brings us back to the original
argument
that the only strength the security industry has is in the ability to
palm
off obsolete attacks as threats in themselves.  a scenario in which the
only
ppl moving to execute these attacks are leeches.  PHC has no need to
leech.

anyway, i'd be interested in hearing your thoughts on this.

<3 sockz
-- 
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: