Full Disclosure mailing list archives
Re: Security Industry Under Scrutiny #4
From: "sockz loves you" <sockz () email com>
Date: Tue, 21 Jan 2003 09:02:30 -0500
They're already skilled at developing their own tools for "killing", and they already "kill" for various reasons, whether it be personal gain, organisational gain (ie a hacking group), or conceivably for the gain of a foreign, enemy power. To continue your comparison between wannabe hackers and amateur killers, the blackhats, therefore, are the professional hitmen. The real contract killers. The Jackal, perhaps.
oh please, and you think that telling everyone about some new xml exploit is going to stop people like that? face it, buster, there is no way to stop professional hackers. but the crucial differences are: a) they generally spend less time looking for exploits and are fewer in numbers than whitehats. thus, pose less of a threat to security than the amount of information put out by the security industry to the general public. b) these people dont share their exploit information. reducing the likelihood of an attack to some random system. essentially it is safer. c) if the security were so great at doing its job then why do these people still exist in society? as it stands, current practices seem as though the result would be more professional hackers because more people are being informed about how to hack shit. sure there is a big leap between reading something liek nomads faq and being paid to hack shit for some terrorist organisation, but given that the audience is so large, that percentage chance is still a higher number. ******************************************************************************** but, the issue here is not that professional's liability but rather corporate responisbility in the kind of information it releases. ********************************************************************************
Which do you think an open, democratic society would see as the greater threat?
the threat that wants to see the general public turned into criminals, thus degrading society and making crime more common. crime is bad for society, remember?
The threat of a vast number of people capable of "falling off the cliff" and killing other random citizens that don't have protection details etc.
heh i like it how you extended this analogy to have the hacker falling on ppl to kill them. its cute, i love it :D
Or the threat of a select few that understand defensive tactics, walking formations, successive layers of security, what security surveys are likely to find, and are capable of assassinating the head of state?
there is a difference between self defence and offense. i have nothing against self defence, i think its a basic human reaction. but to maliciously attack another human (or their computer) is illegal. and we have to stop treating hacking as though its acceptable in society. that its okay for people to read through advisories and then use that information to compromise a system. its not right. and non-disclosure is one of the more effective ways to stop it.
You'll find your answer to this question in the degree to which organisations such as the FBI take threats against the President so seriously. They know they can protect against most random nutballs with an ounce of information and proper preparedness. They don't know they can protect against an individuals with skill, determination and the proper equipment.
sorry but you're wrong. i dont find my answer here. all i see is that in your analogy the FBI can be called the "security industry" but where the FBI releases information to the public (maybe through a newspaper or tv) on how to assassinate presidents.
I <3 U 2
!!! 2 b4d w3 c4n n3v3r b 2g3th3r bcuzz u r a wh1t3h4t & 3y3 h8 u :( -- _______________________________________________ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup Meet Singles http://corp.mail.com/lavalife _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Security Industry Under Scrutiny #4 sockz loves you (Jan 21)
- Re: Security Industry Under Scrutiny #4 batz (Jan 21)
- Re: Security Industry Under Scrutiny #4 Silvio Cesare (Jan 21)
- Re: Security Industry Under Scrutiny #4 yossarian (Jan 21)
- <Possible follow-ups>
- Re: Security Industry Under Scrutiny #4 Anonymous (Jan 21)
- Re: Security Industry Under Scrutiny #4 sockz loves you (Jan 21)
- Re: Security Industry Under Scrutiny #4 Day Jay (Jan 21)
- Re: Security Industry Under Scrutiny #4 Silvio Cesare (Jan 21)
- Re: Security Industry Under Scrutiny #4 Day Jay (Jan 21)
- Re: Security Industry Under Scrutiny #4 Anonymous (Jan 21)
- Re: Security Industry Under Scrutiny #4 The Hawklord (Jan 21)
- Re: Security Industry Under Scrutiny #4 hellNbak (Jan 21)
- Re: Security Industry Under Scrutiny #4 Ron DuFresne (Jan 22)
- Re: Security Industry Under Scrutiny #4 hellNbak (Jan 21)
- Re: Security Industry Under Scrutiny #4 sockz loves you (Jan 21)
- Re: Security Industry Under Scrutiny #4 Anonymous (Jan 21)
- Security Industry Under Scrutiny #4 ratel (Jan 22)
- Re: Security Industry Under Scrutiny yossarian (Jan 22)
(Thread continues...)