Re: The real motivations of vulnerability disclosure

["worried security" <worriedsecurity () googlemail com>]

If you read my version of the life cycle of a hacker you would know you were
talking bollocks. n3td3v has nothing to do with gobbles or any other group
you mentioned. n3td3v is apart from them. n3td3v is different from all those
others. so don't bring those names into my own agenda of defining the life
cycle of a hacker. Froggie is entitled to his opinion, and I put my version
of a life cycle of a hacker under it. Stop saying n3td3v is gobbles. Gobbles
hasn't been on the lists for years, so why does Gobbles get mentioned.
n3td3v has nothing to do with Gobbles, infact we live in different parts of
the world.

As for your opinion, you are wrong, but you are entitled to make it.

Read n3td3v's life cycle of a hacker next time, you might learn something
about the industry and the underground, before you open your mouth.


On 10/3/07, endrazine <endrazine () gmail com> wrote:
> Hello FD readers,
>
> I don't usually answer non technical posts, but I feel like explaining why
> I believe the ideas expressed by Mr Frogs and similar underground orthodoxes
> are clueless.
>
> "Mr Frog" : To summarize your thesis : ppl disclose vulnerabilities for
> fame & profit. "That's not how real hackers used to be".
>
> Ok, let's analyze those statements a bit deeper :
>
> First, let's establish the truth about fame :
> Fame ? What fame ? Does your mother know who Michal Zalewski is ? Of
> course not. When you first decided to be a "computer enthusiast", you also
> decided you would spend your life behind a computer an none would ever give
> a damn.
>
> You're also mentioning people having wikipedia entries or belonging to
> "crews" ( the so called research communities) : you're surely missing people
> writing bullshit on blogs and posting links to their miserable thoughts on
> public mailing lists...
>
> Additionally, I especially enjoy the intellectually challenging relation
> between your first sentence "when a vulnerability in a major site is
> discovered people freak out"... and your conclusion : "These types of people
> tend to hang around 'xss' hacking sites where they can learn the masterful
> art of finding an issue any 5 year old could find with less than 15 minutes
> of training.".
>
> In a nutshell, that's the good old manichean (did I say Protestant ?)
> schema : the good (being the "non disclosure" folks from your blog post)
> agains the bad (being the "fame seekers") guys. In the same veine, let me
> quote http://www.phrack.org/issues.html?issue=64&id=4#article :
>
> "    But it is the reason not to write a technical article. The purpose of
> this article is to launch an SOS. An SOS to the scene, to everyone, to all
> the hackers in the world. To make all the next releases of Phrack better
> than ever before. And for this I don't need a technical article. I need
> what I would call Spirit."
>
> (follows an apology of pre-internet hacking mythology)
>
> Those kinds of thoughts, almost as inept as they are widespread.
>
> To you all, anachronic purists of the so called underground : go to hell.
> If there ever was a "spirit of the underground", it was the belief  that
> individuals can, on their very own, do better than what engineers do on the
> industry (which is in fact absolutly understandable if you consider that
> companies have budget constraints, deadlines and limited knowledge). I don't
> see any opposition between this and vulnerability disclosure. What you do
> with a vulnerability you have found is unrealevant. Now, if the whole dilema
> is about people being at the same time security enthousiasts on their own,
> and social beings needing to work in a way or an other to feed their
> families, let me tell you a big secret : everyone on the underground,
> starting with Adm, teso, phenoelite, phrack,  (pasting from phrack's
> article) 2600,Phrack, PacketStorm, Phreak.org <http://phreak.org/>,
> Uniformed, PTP,Netric,Felinemenace, Hackcanada,Toxyn, phc, w00w00, devhell,
> cDc, l0pht, el8, gobbles, synergy, blacksecurity, u-name-it people and
> members of every other reasonably skilled security group I have never heard
> of are working for security related companies. Maybe it wasn't the case in
> the 80's. But today, of you want to be able to understand a bit what's going
> on, hacking is a full time job. Their is no dichotomy between hacking on
> your own and selling your skills to a company. So please, stop pointing the
> finger at each person trying to share a bit what they have discovered.
>
> my 0.02$
>
> Regards,
>
> --
> endrazine-    //    Garage made hacker & Security Engineer at the same
> time.
>
>
> PS: The members of the above cited groups are asked not to flame me with
> "I'am no industry guy" posts : I know you are ;) And thanks for sharing your
> work : I couldn't get half of the skills I have today without your
> "disclosures".
>
>
>
>  On 10/3/07, Mr Frog <hacking4froggies () gmail com> wrote:
>
> > For the past 10 years when a vulnerability in a major site is discovered
> > people freak out. I'm not debating the importance of certain site
> > vulnerabilities such as those exposing personal or account information. I'm
> > going to talk about one of those things people think, but don't speak
> > publicly about which involves the intentions of those vulnerability
> > disclosure folks. I'm going to break down these types of people and some
> > people in the 'industry' are going to laugh and others possibly be offended.
> > If you have a problem with this then we can meet in an alley for warfare,
> > but please don't bring salt as it burns.
> >
> > http://hackingfrog.blogspot.com/2007/10/o-o-omg-frog.html
> >
> > - Froggie
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/