Re: Beyond black, white, and grey: the Yellow Hat

[Sam Jones <upoorbaby () yahoo com>]

I have sat here and watched, patiently for months now, swearing I would not post to this list. I have not wanted to get 
involved in the childish rants and games of "you're it" that seem to be constantly played here. BUT, since everyone is 
so good at mucking up the waters, throwing stones and slinging shit, I feel it is time for a comment or two. First off, 
it is a shame that some folks seem to rant and rant about what kind of hat they wear, as if that is the final defining 
criteria as to whether you have anything to contribute to making anything better than it previously was or currently 
is. I wear a cowboy hat and I hack and monitor my own systems to keep up with my own vulnerabilities and on occasion 
will do so for friends, cause that is just the kind of person I am . In the summer my hat is white and in the winter it 
is black/brown. SO WHAT! Secondly, for those of you with certifications and minimal hands on knowledge, I can speak 
with some authority here as I frequently !
train folks like you to do the jobs their certs say they are already qualified for and on which they were usually hired 
to do. Get over yourself! Ok, so you make more money than you are qualified to make, and know less than you claim to 
know, chill out, you got away with it. Enough said. Other than, it would now be nice if you would learn the skills you 
need to excel in your chosen field. Also, in response to the most recent claim by "phrick", so you hacked into 
someone's mail server, which as I understand it is not owned nor managed by said person. Woohoo to you! Unfortunately 
for most of us we depend on someone else at some point to be as security minded on their systems as we are on our own, 
life doesn't always work out the way we would like. What is distressing though is seeing someone, specifically 
"hellnbak" who has recently owned up to being one of the learned through using security lists, now groveling at the 
"phrick" feet. I have to wonder if a nasty chill went up y!
our spine that you might also be "owned" as they like to term it and therefore now find it necessary to shuffle your 
feet and do an awww shucks trying to cover your own "sell out behind". Posting what seemed to be a private email just 
to make yourself look sincere is beyond sad. Might know more than you care to admit about that back stabbing comment 
you made on a personal level eh? I have yet to see a contribution to this list from Steve aka hellnbak other than a lot 
of comments, and his often offered $0.2. How many times have you posted a fix for anything? Today, I am part of that 
army of security consultants and as hard as it is to look at myself in the mirror I at least find comfort in knowing 
that I still learn a lot from these lists and I still try and take the time to understand the issues and not just take 
them and use them to try and sell work. Sure, I would rather not be yet another "security consultant" but until I find 
myself a more respectable job that lets me co!
ntinue with my hobby it pays the bills. Isn't that the argument of all security consultants? But back to my point, the 
above is quite a change from how "hellnbak" felt back in August: Tell me, based on the PHC definition of a hacker -- 
one who breaks into boxes, are you a hacker? If so, then I have to thank you for the long term employement you have 
given me. You guys are not the solution, you are part of the problem. Maybe even the root cause. I have no problem 
finding many useful suggests from Mr. Dufresne on a variety of security lists. So he isn?t just talking the talk. I am 
not a security expert. With the constantly changing technology and the constant poorly written code out there, I am 
just another someone who tries to keep up with how to best secure myself, my systems and those who depend on me to keep 
them safe. I read constantly, write code when necessary and keep an eye on security lists mostly to make sure I don't 
miss anything that is happening in real time. I d!
on't ride on the backs of anyone as I tend to test out anything that is posted, not being a trusting sort and if it 
helps me I use it otherwise I revamp it to suit me. Ok, so I created an anonymous email to post this with, not out of 
fear so much as not wanting to be bothered by the children (of all ages) that seem to frequent this particular list. 
Not saying there haven't been some very good debates here, just most of is it chest puffing and thumping that I usually 
find greatly entertaining but on occasion, like now find just pure sad. Shame on those of you who are making such fools 
of yourself and brava to those of you who don't get caught up in the "mine is better than yours" game! 


"Several recent studies have shown that one in every 4 Americans suffers from some form of mental disorder.  Think 
about that, if  3 of your friends seem normal, then you must be the one."    



---------------------------------
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site