Full Disclosure mailing list archives
Re: agile hacking?
From: Kern <timetrap () gmail com>
Date: Thu, 20 Mar 2008 08:54:56 -0400
The world does NOT need another Hacking Exposed. But it does need (and always will need) a modern book of Computer Security Fundamentals. There should be little to NO focus on tools (as these change quite often), the bulk of the focus should be on the Fundamentals and Standards;

(I am mainly familiar with networking, i.e. this is not an exhaustive listing of Fundamentals)

Border Security -- DoD "Barrier Reef"
Defense in Depth
Protocol Attacks (How the protocols work, and how they can be manipulated)
Using a Debugger
Traffic Analysis
Probing (Nmap, nc, etc.)
ISO Guidelines and Standards (also NIST, NSA, etc)
Reading and Creating a CVE
etc.

By focusing less on the tools, and more on the thought process, you will be doing yourself and the "community" a favor. Security/Auditing/Hacking is a Process not a Tool.

On 3/20/08, nnp <version5 () gmail com> wrote:
What's the Negative Public Relations Industry?

On Wed, Mar 19, 2008 at 10:36 PM, Fionnbharr <thouth () gmail com> wrote:

PDP, I don't really need backing up, I think my stuff stands but it seems you haven't looked at it still. Reckon you could spell my name correctly though? I get enough typos with my real name let alone people messing up 'thoth' (though 6 letter minimum for gmail account names meant I had to put a u in there =/).

Seriously though the last thing we need is more 'hacking exposed' style books out there. The disclaimer on your site says more about you than anything else:

"GNUCITIZEN is a Cutting-edge, Ethical Hacker Outfit, Information Think Tank, which primarily deals with all aspects of the art of hacking. GNUCITIZEN's work has been featured in established magazines and information portals, such as Wired, Eweek, The Register, PC Week, IDG, BBC and many others. The members of the GNUCITIZEN group are well known and respected experts in the Information Security and Negative Public Relations (PR) Industries, with widely recognized experience in the government and corporate sectors and the open source community."

Talk about public masturbation. I don't think any of the other people you mention in your posts that you look up to walk around claiming they're awesome nearly as much as you.

On 19/03/2008, Petko D. Petkov <pdp.gnucitizen () googlemail com> wrote:

reepex, you are the only one backing up troth, read on all comments... I don't bash people. I encourage them and this is present in all my work and the work behind the GNUCITIZEN umbrella. Not I, but the crowd hanged him, as well they will hang you for your arrogant, egocentric, foolish and rather juvenile behavior. I personally don't care about you, nor I care if you like the work on GNUCITIZEN or even my work. In my eyes and the eyes of others you follow very basic parasitic social pattern: making a name for yourself not based on your knowledge but based on your arrogant, bottomless comments. You don't lead by example! You are a parasite, a vampire, sucking blood and energy from those around you. I hardly doubt that anyone can consider you as a friend or even appreciate your skills and knowledge when you are nothing more but a vulture.

Comparing the Agile Hacking project with books such as "How to Own a Continent" (by FX, Paul Craig, Joe Grand, and Tim Mullen...), "How to Own the Box" (by Ryan Russell, Ido Dubrawsky, FX, and Joe Grand...), "How to Own a Shadow" (by Johnny Long, Tim Mullen, and Ryan Russell...), "The Art of Intrusion" (by Kevin D. Mitnick, and William L. Simon..) and the "Hacking Exposed" series (by some of the most recognized information security experts such as, but not only, Johnny Cache, Chris Davis, Stuart McClure, Joel Scambray, Andrew Vladimirov, Brian Hatch, David Endler...), is nothing but a flattering comment. I hope that this project achieves and even supersedes their success. These are some of my favorite books and I have a great respect for their authors.

You and all others who support your dying cause and who have repeatedly attacked what we have built from scratch with far too many sacrifices, can laugh now but the simple fact is that you will never even come close to what we have already achieved and gave to this community. You and all other Full-disclosure trolls proved to be untrustworthy, unworthy even creatures. I hope that your real identities stay well hidden behind your nicknames as I highly doubt that you will succeed in life. If I were in your place I would have reconsidered my values. Your and the other trolls' comments are not satire but idiocracy as a fellow GNUCITIZEN reader has pointed out.

Kind Regards,
pdp
founder of GNUCITIZEN, information security research, penetration tester, life hacker, co-author of two best-selling books, author of numerous printed publications and online media outlets, active speaker and opinion former, hacker culture evangelist, founder of Hakiri, entrepreneur, lecturer, etc...

I am far behind the people I look after for inspiration and guidance but I am well ahead of you.

On Wed, Mar 19, 2008 at 8:35 AM, reepex <reepex () gmail com> wrote:
> so no one respects me, i bash people's projects, etc... whatever.
>
> You still do not explain why you have the attitude that any who does not like your work or ideas is a talentless troll that you can brush off.
>
> On Wed, Mar 19, 2008 at 2:40 AM, Petko D. Petkov <pdp.gnucitizen () googlemail com> wrote:
> > Dear Reepex,
> >
> > Unfortunately, you've already lost all the respect for a larger portion of people on this mailing list as well outside of it. You have never led by example but by bashing people on what they try to accomplish. Everyone who has been in this industry/life style for long enough know that they don't know everything. In fact, as the saying goes: "A wise man never knows all, only fools know everything".
> >
> > My advice to you is to stop pretending being someone and be who you are. If you think that this project is crap then help to make it better. Everyone that has ever written a book, knows how hard it is to put everything together and how frustrating it is to want to put the things that you want not having the chance to do so. It is easier to say what is crap but 100x harder to do it right. Also, it is very easy to take apart people from what they have accomplished, I've done it myself:
> >
> > http://www.gnucitizen.org/blog/hamster-plus-hotspot-equals-web-20-meltdown-not/
> >
> > but 100 of times harder to put yourself in their shoes:
> >
> > http://www.gnucitizen.org/blog/reconsidering-the-side-jacking-attack/
> >
> > Again, lead by example not by baseless comments.
> >
> > Regards,
> > pdp
> >
> > On Wed, Mar 19, 2008 at 3:59 AM, Nate McFeters <nate.mcfeters () gmail com> wrote:
> > > Ok, I'll buy that, that's reasonable. I wasn't in the exchange with thoth. I guess when I read about a community project to write the ultimate hacking book, I assumed people from all backgrounds of security would be interested in contributing... maybe that's a bit of a Utopian view, but I could imagine a one stop Frankenstein of a book (probably one so large you couldn't even carry a hard-copy) that has some really great great stuff if the right people contribute.
> > >
> > > Right now, I've got disjointed information everywhere that I reference for various things all over my damn computer and bookshelves... Uninformed papers, presentations from various sources, manuals, books, blah blah blah. If it was done right, I think the book could be pretty damn cool. Of course, that depends on the community support and the content that comes out of that. I'm not sure what PDP has envisioned for the book, I've been just too busy today to give the article a good read, but I've always been very interested in these community projects.
> > >
> > > I think that's why I love ToorCon and really was bummed that I didn't get to make it out to 24c3 this year... lots of collaboration going on there.
> > >
> > > Nate
> > >
> > > On 3/18/08, reepex <reepex () gmail com> wrote:
> > > > On Tue, Mar 18, 2008 at 10:36 PM, Nate McFeters <nate.mcfeters () gmail com> wrote:
> > > > > I don't consider myself a 'kiddie' and I've considered contributing to it. I feel like the old adage of blowing out someone else's flame to make yours burn brighter applies here. Reepex, I didn't get a chance to see your presentation at kiwicon, bit too expensive for an American on a tight budget to get out there, but if you have a link, I'd love to have a look. We've talked before, so I assume the presentation is good since I know you know your stuff; however, I've also seen some cool stuff come out of PDP and Gnucitizen... why the need to bash?
> > > >
> > > > I did not give the talk, thoth did. The reason I brought it up is because of
> > > > http://www.gnucitizen.org/blog/agile-hacking/#comment-116766
> > > > where pdp blindly assumes thoth does not have a clue, while not knowing his background which must be some strange complex where people think anyone who disagrees with them is inferior.
> > > >
> > > > > Web app hacking may not be the coolest topic in the world to yourself and many others, but it is something that a lot of companies are concerned with these days,
> > > >
> > > > Yes and we agreed web hacking has its place... the point I made was that you cannot write 'the best hacking manual ever made' as pdp is touting it while only covering web hacking and running combinations of different tools such as kismet/tcpdump that pdp mentioned as an example.
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > --
> > Petko D. (pdp) Petkov | GNUCITIZEN | Hakiri | Spin Hunters
> > gnucitizen.org | hakiri.org | spinhunters.org

--
Petko D. (pdp) Petkov | GNUCITIZEN | Hakiri | Spin Hunters
gnucitizen.org | hakiri.org | spinhunters.org

--
http://www.smashthestack.org
http://www.unprotectedhex.com