Penetration Testing mailing list archives
Re: Will the real hacker please stand up and raise their hand
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Fri, 14 Jul 2006 13:59:18 -0700
What, the trainers aren't good enough? ;)

T

---
New Blackhat Vegas 2006 Training Offered!
ISA Ninjitsu: Designing, Building, and Maintaining Enterprise Firewall and DMZ Topologies with Microsoft ISA Server 2004
http://www.blackhat.com/html/bh-usa-06/train-bh-us-06-tm-isa.html

On 7/14/06 12:46 PM, "Mark Teicher" <mht3 () earthlink net> spoketh to all:
Anyone on the speaker circuit.. :)

-----Original Message-----
From: "Arian J. Evans" <arian.evans () anachronic com>
Sent: Jul 14, 2006 1:29 PM
To: pen-test () securityfocus com
Subject: RE: Will the real hacker please stand up and raise their hand

I'm sorry, there's good & bad people out there, and I've worked for the bad kinds of folks Terry described, and while I could fill pages with sadly amusing anecdotes: that's life.

There's also good folks out there to work for/with, and you simply have to look a little harder to find them.

Yes, shameless self-promotion and over-committal BS wins most of the time; you should hear my friends in the pharmaceutical industry rant about this *same* subject. Except, they have a heck of a lot more Riding on their management's mistakes than an unfixed XSS or CSRF.

Nothing unique about our industry vs. say accounting, except maybe about 600 years of formalized practice.

I've gotten to sit beside PHD's who talk all day about network security concepts, but cannot run a sniffer to save their life, and I've worked with folks who would pick the PHD over the experienced professional to run the sniffer every time.

</shrug>

So if it bugs you, go get a PHD and be both.

Mark: I am curious though, I'm headed to BlackHat next month, and who is it that you recommend I should be trying to meet?

Arian J. Evans
+1.913.378.3571 [mobile]

"See? That was nothing. But that's how it always begins. Very small." -Egg Shen

-----Original Message-----
From: Mark Teicher [mailto:mht3 () earthlink net]
Sent: Thursday, July 13, 2006 3:36 PM
To: Terry; pen-test () securityfocus com
Subject: RE: Will the real hacker please stand up and raise their hand

But why one doubt a Ph.D.
(CISSP, IAM, CCNP, CCDA, CCNA, ACE, CCSA, CCSE, and MCSE) who gained access to a database at Roswell in the early 90's

Almost like a person who spent over 10 years with the Federal Government perfecting the skills which enable him to be called "one of the first CYBERSPACE private investigators".

Makes you want to attend BlackHat and actually meet and greet a real bonafide grey/black hat hacker. :)

-----Original Message-----
From: Terry <tvernon24 () comcast net>
Sent: Jul 13, 2006 3:56 PM
To: 'Mark Teicher' <mht3 () earthlink net>, pen-test () securityfocus com
Subject: RE: Will the real hacker please stand up and raise their hand

Just recently, I worked at a company whose main client was the DoD. When I was being scouted I heard many promises and things that peaked the interest of an ex-mischief maker. When I got the job I soon realized that the man running the show was a huge fraud who claimed many accolades above my own. Everything he said about his technical past was a lie and to make things worse, whenever he talked about me openly he hyped me up to be something I'm not from my past reputation. In the end he stopped pretending to be my ally and I got railroaded but it didn't come without a price to them. When I think about the whole mess now all I see is how shameless self promotion and lies can get you anywhere, even a contract with the upper rungs of our government. Today I surely think the agents in which were involved have smartened up to this pretend company.

My example here is I've made myself a bad name being your typical black hat. When I turn it all around into a useful thing for society nobody wants to hire me except liars and frauds. The things many of us on this list know can save a company millions, the sad part is we get picked up by bullshit artists that cheapen the art in which we're skilled. I am saddened when I think about all the huge liars and morons that put "Network Security Engineer" on their business card.
Most people who look at my resume aren't qualified enough to read it, so I get overlooked because of their ignorance in my field and they pick based on who went to the best school. I'm probably not alone in this plight.

/end rant
/dance

-Terry

-----Original Message-----
From: Mark Teicher [mailto:mht3 () earthlink net]
Sent: Thursday, July 13, 2006 7:23 AM
To: pen-test () securityfocus com
Subject: Will the real hacker please stand up and raise their hand

Every once in a while, I read a story on the Internet, that just doesn't add up, as listed below, it appears most organization, enterprise type companies have policies preventing the hiring of known or identified computer security type people, other companies hire them openly or make up some impressive press statements stating they have hired one with rootfu or some sort of skillz, whatever they might be..

You be the judge after the reading the attached article..

-------- Original Message --------
Subject: [ISN] Hackers and Employment
Date: Thu, 13 Jul 2006 03:15:11 -0500 (CDT)
From: InfoSec News <alerts () infosecnews org>
Organization: InfoSec News - http://www.infosecnews.org/
To: isn () infosecnews org

http://www.line56.com/articles/default.asp?ArticleID=7766

By Demir Barlas
Line56
July 12, 2006

The reason many of us who grew up outside America found this country charming and worthy of emulation was its principles, at least as projected on the movie screen. You can argue about their politics, but the characters portrayed by John Wayne, for instance, operated according to a fixed code of ethics. They stood for what they considered right; they never cheapened or sold themselves; and they lived (and died) with integrity. I encountered this America before I actually came here.

Perhaps this is why it is so easy for me to see what native-born Americans cannot understand about that their own country: that it is rapidly falling into decadence.
When I say this, I'm not referring to some declining standard of collective religious morality, but rather to personal morality. All too many Americans stand ready to pimp themselves, and the system is now designed to reward rather than discourage them. This is an arrangement that the rest of the world rightly considers hypocritical and, despite all talk of globalism, will never emulate.

Let me give an example. I recently got an e-mail from Avaya, one of whose employees, Tom Porter, was leading a security team at the World Cup. The e-mail proudly advertises Porter as a "a former hacker [who] got into the U.S. government database on Roswell in the early 90s." Now he has been able to have a highly visible and well-paying job as chief of Internet security for FIFA and Avaya.

As soon as I got this e-mail, I recalled the case of Frank Abagnale, Jr., the fraudster whose life was made into the movie Catch Me If You Can. And, I admit, I got angry. I want to tell you why.

Some of my friends in the ninth grade were aspiring computer hackers. I suppose it was a natural impulse for a bunch of intelligent boys cooped up in an otherwise boring programming class. We tried a few exploits but, in the end, got caught. We were never that good in the first place, not because we lacked intelligence but because, I am convinced, of the ethos that had survived into Denver even into the 1980s. The ethos told us that hacking was bad. We couldn't shrug this off our conscience, and so conducted our exploits rather half-heartedly.

I've kept up with many of my classmates over the years. There is, in the group with which I am familiar, no one who has committed a felony, gone to jail, or refused to pay taxes. Everyone has walked the line. And our reward? Most of us struggle along at meaningless occupations, trying to make ends meet -- punished, I maintain, by our consciences.

For America no longer rewards conscience. If you kill someone, you will be offered a book deal.
If you impersonate a doctor and nearly cause the death of a baby [like Abagnale], someone will make a comedic movie about you. If you become a hacker and endanger our government, you will become a consultant. If you sink a company, you will find a high position in that very government. Only competence at criminality and self-promotion are rewarded. The more vicious, heartless, and inept you are, the further you'll go.

If you want to talk about anti-Americanism, you can't find a better example. The culture of merit, sincerity, and principle that once animated this country is gone, and that impacts everyone from left to right.

Have you seen The Man Who Shot Liberty Valance? John Wayne's character refuses to take the credit for an act that would, in that day and age, have made him famous. His principles dictate that he cannot engage in self-promotion, which he leaves to Jimmy Stewart's character. Stewart becomes a senator and marries a woman with whom Wayne was in love; Wayne retires from public life and dies alone.

Oh, but today! After shooting Valance, Wayne would have gotten a publicity agent, launched a blog, and gone on talk shows. He would have done the lecture circuit, opened a consultancy on how to shoot outlaws, and sold his "life rights" to a Hollywood studio.

I'm sorry to say it, but I hate what you might call the post-Wayne America (and I say this despite having radically different politics from Wayne himself). It's an upside-down country in which criminals become celebrities while good, hard-working people struggle along on dollars a day. There is no longer any act divorced from its promotion. The only principle is to gather as much money and fame as possible, prostituting yourself all the way, until you die.

I do not feel that a country can long endure such principles or such acts of decadence. They constitute a kind of rot that will, some day, turn America into the equivalent of the moribund, cynical countries of Western Europe.
Moreover, they are a gleeful betrayal of every principle on which this country stood for the first two centuries of its existence.

I suppose this article will be met by incomprehension from people who have absorbed their values from the post-Wayne moment in American history. As a historian, I am a professional pessimist, but I can't help but feel that these very people are only the tip of the iceberg; that, as in the movie 15 Minutes (or, more apocalyptically, Death Race 2000), crime will pay even more than it does today.

It is worth concluding with a passage from Henry Miller's The Air-Conditioned Nightmare, which captures the spirit of the changed America to which I allude:

As to whether I have been deceived, disillusioned...The answer is yes, I suppose. I had the misfortune to be nourished by the dreams and visions of great Americans. Some other breed of man has won out. The world which is in the making fills me with dread....It is a world cluttered with useless objects which men and women, in order to be exploited and degraded, are taught to regard as useful....Whatever does not lend itself to being bought and sold...is debarred. In this world the poet is anathema, the thinker a fool, and the man of vision a criminal.

Copyright 2000-2006 Line56.com

_________________________________
Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches.
www.blackhat.com

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs.
You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- Will the real hacker please stand up and raise their hand Mark Teicher (Jul 13)
- RE: Will the real hacker please stand up and raise their hand Williamson, Clyde (Jul 13)
- RE: Will the real hacker please stand up and raise their hand Terry (Jul 13)
- Re: Will the real hacker please stand up and raise their hand gat0r (Jul 13)
- <Possible follow-ups>
- RE: Will the real hacker please stand up and raise their hand Mark Teicher (Jul 13)
- RE: Will the real hacker please stand up and raise their hand Mark Teicher (Jul 13)
- RE: Will the real hacker please stand up and raise their hand Arian J. Evans (Jul 14)
- Re: Will the real hacker please stand up and raise their hand Mark Teicher (Jul 14)
- RE: Will the real hacker please stand up and raise their hand Mark Teicher (Jul 14)
- Re: Will the real hacker please stand up and raise their hand Thor (Hammer of God) (Jul 14)
- Re: Will the real hacker please stand up and raise their hand Mark Teicher (Jul 18)
- Re: Will the real hacker please stand up and raise their hand Jay D. Dyson (Jul 19)