Full Disclosure mailing list archives

<Format-Fix> Re: Beyond black, white, and grey: the Yellow Hat


From: Sam Jones <upoorbaby () yahoo com>
Date: Wed, 20 Nov 2002 07:03:37 -0800 (PST)


<Sorry for the long run on paragraph of before.  This should read better.>
I have sat here and watched, patiently for months now, swearing I would not post to this list. I have not wanted to get 
involved in the childish rants and games of "you're it" that seem to be constantly played here. BUT, since everyone is 
so good at mucking up the waters, throwing stones and slinging shit, I feel it is time for a comment or two. 

First off, it is a shame that some folks seem to rant and rant about what kind of hat they wear, as if that is the 
final defining criteria as to whether you have anything to contribute to making anything better than it previously was 
or currently is. I wear a cowboy hat and I hack and monitor my own systems to keep up with my own vulnerabilities and 
on occasion will do so for friends, cause that is just the kind of person I am. In the summer my hat is white and in 
the winter it is black/brown. SO WHAT! 

Secondly, for those of you with certifications and minimal hands on knowledge, I can speak with some authority here as 
I frequently train folks like you to do the jobs their certs say they are already qualified for and on which they were 
usually hired to do. Get over yourself! Ok, so you make more money than you are qualified to make, and know less than 
you claim to know, chill out, you got away with it. Enough said. Other than, it would now be nice if you would learn 
the skills you need to excel in your chosen field. 

Also, in response to the most recent claim by "phrick", so you hacked into someone's mail server, which as I understand 
it is not owned nor managed by said person. Woohoo to you! 

Unfortunately for most of us we depend on someone else at some point to be as security minded on their systems as we 
are on our own, life doesn't always work out the way we would like. What is distressing though is seeing someone, 
specifically "hellnbak" who has recently owned up to being one of the learned through using security lists, now 
groveling at the "phrick" feet. I have to wonder if a nasty chill went up your spine that you might also be "owned" as 
they like to term it and therefore now find it necessary to shuffle your feet and do an awww shucks trying to cover 
your own "sell out behind". Posting what seemed to be a private email just to make yourself look sincere is beyond sad. 
Might know more than you care to admit about that back stabbing comment you made on a personal level eh? I have yet to 
see a contribution to this list from Steve aka hellnbak other than a lot of comments, and his often offered $0.2. How 
many times have you posted a fix for anything? 

<snip>"Today, I am part of that army of security consultants and as hard as it is to look at myself in the mirror I at 
least find comfort in knowing that I still learn a lot from these lists and I still try and take the time to understand 
the issues and not just take them and use them to try and sell work. Sure, I would rather not be yet another "security 
consultant" but until I find myself a more respectable job that lets me continue with my hobby it pays the 
bills."</snip>

 Isn't that the argument of all security consultants? But back to my point, the above is quite a change from how 
"hellnbak" felt back in August: <snip>"Tell me, based on the PHC definition of a hacker -- one who breaks into boxes, 
are you a hacker? If so, then I have to thank you for the long term employment you have given me. You guys are not the 
solution, you are part of the problem. Maybe even the root cause."</snip>

I have no problem finding many useful suggestions from Mr. Dufresne on a variety of security lists. So he isn't just 
talking the talk. I am not a security expert. With the constantly changing technology and the constant poorly written 
code out there, I am just another someone who tries to keep up with how to best secure myself, my systems and those who 
depend on me to keep them safe. I read constantly, write code when necessary and keep an eye on security lists mostly 
to make sure I don't miss anything that is happening in real time. I don't ride on the backs of anyone as I tend to 
test out anything that is posted, not being a trusting sort and if it helps me I use it otherwise I revamp it to suit 
me. Ok, so I created an anonymous email to post this with, not out of fear so much as not wanting to be bothered by the 
children (of all ages) that seem to frequent this particular list. 

Not saying there haven't been some very good debates here, just most of it is chest puffing and thumping that I usually 
find greatly entertaining but on occasion, like now find just pure sad. Shame on those of you who are making such fools 
of yourselves and brava to those of you who don't get caught up in the "mine is better than yours" game! 



"Several recent studies have shown that one in every 4 Americans suffers from some form of mental disorder.  Think 
about that, if  3 of your friends seem normal, then you must be the one."    


