Full Disclosure mailing list archives
RE: Security Industry Under Scrutiny #3
From: algernon <algernon () hackmania net>
Date: Fri, 13 Dec 2002 02:54:33 -0600 (CST)
Been quite some time since I posted to a list, but I couldn't resist..

sockz/verb wrote:

/* $security_flowchart_things_1-4 \*

STOP

Do these flowcharts NOT resemble an almost identical model to "trickle down economics" or basic human sociology ?? (refer to whatever sociology, journalism or history fodder they spoon feed you @ your local thought and consent manufacturing .edu these days for a primer) I think here is a place to stomp out the "politics don't belong on full-disclosure" whining from the list by making a contextually apprope' comparison. If you do not add government control (or lack thereof) over communication protocols and their direct, co-relative legal and political counterparts in THE REAL WORLD to the equation, you are only lying_to_ yourself. Only when we fully realize all factors in this arena can we effectively take action towards some sort of mutually agreeable reformation process.

/* Begin Criticism
There are a lot of bad people out there. People who spoil the fun for everyone. We need to design ways of transmitting information about security to people who can _improve_ security and NOT destroy it. Otherwise the entire system fails.
/* Bad_People_Rant

Who exactly are the "bad people" you speak of ?

a) Are they dot-slashers who mass-deface and send "Sh0u7z 70 411 m4h p47n4z", and do no truly tangible damage besides harming the reputation of the prey usually? Yes, this can add up to $ if the prey has built its name on some sort of security reputation, but this is the exception to the rule. You could also retort for commerce driven sites who scream outrageous and farcical revenue losses due to existing or future consumer base mistrust of online financial transactions but:

   i) The big 3 CC companies have made it very well known that they have the consumers "back" on electronic purchases with well-crafted media campaigning.
   ii) If you look at the hard data, e-commerce fraud is a minute portion of the big 3's yearly deficit reports. (see friend edgar and gewgle)
   iii) Premium adjustments (raising of insurance rates) after a system compromise are not_that_bad.

b) Is it the blackhat movement: who code, compromise and reside on systems in on and about the www ? Wait a sec.... I thought you were for that. Please clarify on which side of the fence you reside because you are beginning to taste a little luke-warm.

c) The nice folks who would force hardware vendors to manufacture a universal, mandatory firmware backdoor for their systems to keep us all honest? (see 107th Congress 2nd Session s.2048) I have a local copy at http://www.tinfoilhat.org/s.2048.html

Myself, I consider quantity (c) "bad people", and quantity (a) a minor annoyance at best.

/* End Rant
To abruptly CONCLUDE, I'd like to SUMMARISE with my MAIN POINTS:
As would I. I realize that one person cannot assume the voice of a group, purpose or ideal, but when disseminating opinion of this nature I would suggest a group consensus of some sort lest one opinion be misperceived as mission statement. I truly enjoyed several of your arguments and thought processes on this list, as well as your charming chivalry with the pen, but this seems to be some kind of 180 unfortunately. I very much support anti-whitehat activities and the dissolution of the "security industry" in its current incarnations.
1. I make cute ascii diagrams, doncha think?
Yes you do. I hope you don't mind me taking a little liberty with the design.
2. We need to place better control measures in the following areas:
   a) What moderators consider to be "acceptable" advisories
   b) On whitehat websites that provide proof of concept code
   c) Lists in general, because they are read by evil ppl and not just good
SIEG HEIL!
3. The security industry is getting a bad name for itself because of money grabbing "security consultants" and participants who leech information to be used for malicious activities. We need to find a way to remove these kinds of people from the system.
Ban human nature? Perhaps a verichip mod that curbs greed mechanism in human lizard brain? Perhaps you also support the Human Genome Project. SIEG HEIL !
So what am I calling for here?
A new industry standard for operating business? Yes.
agreed. But like the phoenix, she must be burned before rebirth.
Tighter cyber-laws for websites that seem to tell ppl "how to hack"? Yes.
ALL HAIL TOM RIDGE! ALL HAIL OPERATION TIPS! ALL HAIL D.O.H.S.! SIEG HEIL! SIEG HEIL! SIEG HEIL! SIEG HEIL! SIEG HEIL! SIEG HEIL!

Pardon my sarcasm, but war on info sec does not have to = dissolution of freedom. This is always a bad idea. (see: a young, vibrant book-burning National Socialist Germany in 1938)
Computers and the internet were created to communicate and experiment. We have turned them into vehicles for profit and malicious intent. As long as we are supporting and communicating to those people who are destroying our society, we are communicating our _consent_ for them to continue making things worse. You say "information wants to be free", but what's the point in releasing something into the wild if it's going to be captured and trained to rape and pillage?

I somewhat agree with the sentiment here, but based on a majority of this writing, I question your judgement on who the people "destroying our society" truly are. Who is John Gault?

/* random schizoid babbling
13 thrones ( colonial america ) to rule them all
13 arrows in the claw of the currency crow to penetrate them all ( eagle on the back of the $1 bill)
13 root name servers to bind them all
13 steps to nowhere
*\

---------------------------------------------------------------------
Vauis Vauis Vauis , Vau-imor Wa-wim .:.
"Et servientem corpori absolve vinclis saeculi"
------------------------------------------------------------------------
gpg block:http://www.tinfoilhat.org/algernon () hackmania gpg
pub 1024D/B4ED2B40 2002-11-27 Algernon D. Wardenclyffe (S-Pen I.S. Non Profit) <algernon () hackmania net>
Key fingerprint = 8B69 5B3A 7A1F EB5F 036B 9DBC EEBE AFB6 B4ED 2B40
sub 2048g/50412FBC 2002-11-27
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html