funsec mailing list archives
Re: DefCon 'Race to Zero'
From: "Joel R. Helgeson" <joel () helgeson com>
Date: Mon, 28 Apr 2008 02:09:02 -0500
Addressing the whole list, not any one person in particular:

Sorry, there is a lot to be learned by getting inside the mind of a hacker and building software to defeat AV Packages. If you cannot see this then you don't belong in the security industry.

As a security expert, you make security better by constantly thinking of new ways to violate it. If everything the enemy can think of catches you totally off guard, I think you need to get a new job, find a new career, either voluntarily or after you get fired.

Locksmiths hold competitions on who can crack a safe the fastest. Does this then put them on par with burglars? Jeez, the cat burglar and the locksmith use the same toolkits, the only difference is how they earn their living.

When people ask me what I do for a living, I tell them "I get paid to do what other people go to jail for." "I'm a hacker, I'm one of the good guys."

Seriously, what security expert hasn't thought about how to rob a bank, take down the internet, crash a server... we think maliciously and act with integrity.

So, let's race toward ring zero and further hone our skills in the spirit of noble competition.

Just my 2 cents...

JRHelgeson

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Rich Kulawiec
Sent: Saturday, April 26, 2008 2:44 AM
To: funsec () linuxbox org
Subject: Re: [funsec] DefCon 'Race to Zero'

On Fri, Apr 25, 2008 at 10:49:37PM -0400, B Potter wrote:
> On Apr 25, 2008, at 8:05 PM, Paul Ferguson wrote:
> > I'm sorry, but if people don't already realize that their behavior is already dangerous by reading the plethora of data, articles, research, blogs, etc. that is available, some controversial contest to write "stealthy" malware at DefCon ain't gonna do it either.
>
> Honestly, I think it's sad that everyone is scared of talking about/building/demo-ing 0day these days. 10 years ago you could go to any security/hacker con and several talks would be revealing some new vuln/exploit. IMO, that's changed dramatically due to several reasons:

I agree with both of you. I think it's fine that DefCon is going to have a malware construction contest. It may be entertaining.

But let's not pretend that it will raise awareness: it won't. It won't be publicized beyond the circle that we work in, and even if it is, the people who most need to have their awareness raised won't hear about it or pay the slightest attention to it or modify their behavior in any way. They will continue to use worst-of-breed products like Outlook and IE, they will continue to click on anything shiny, and they will continue to subvert their own systems 24x7, thus saving attackers the trouble of doing it themselves.

This is yet another version of one of Marcus Ranum's six dumbest mistakes in security: Number 5, educating users. As he says, "if it was going to work, it would have worked by now".

---Rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.