Full Disclosure mailing list archives
Re: Security Industry Under Scrutiny #4
From: Anonymous <nobody () cryptofortress com>
Date: Tue, 21 Jan 2003 09:36:45 -0600 (CST)
They're already skilled at developing their own tools for "killing", and they already "kill" for various reasons, whether it be personal gain, organisational gain (ie a hacking group), or conceivably for the gain of a foreign, enemy power. To continue your comparison between wannabe hackers and amateur killers, the blackhats, therefore, are the professional hitmen. The real contract killers. The Jackal, perhaps.
oh please, and you think that telling everyone about some new xml exploit is going to stop people like that? face it, buster, there is no way to stop professional hackers. but the crucial differences are: a) they generally spend less time looking for exploits and are fewer in numbers than whitehats. thus, pose less of a threat to security than the amount of information put out by the security industry to the general public.
You made the point that people hacking with information they barely understand is akin to someone that's read "Hit Man" and kills someone. Just because a blackhat doesn't look around as much for exploits, and because a professional killer kills less people in absolute numbers than regular run of the mill killers, doesn't make them any less dangerous. A blackhat still hacks people's systems without permission, and a professional killer still kills people, however you want to cut it (slasher pun not intended).
b) these people don't share their exploit information. reducing the likelihood of an attack to some random system. essentially it is safer.
Oh, I feel so much safer now. Thanks. A professional hitman is still a professional hitman regardless of whether they share their killing techniques or not. Ditto for the blackhat.
c) if the security were so great at doing its job then why do these people still exist in society? as it stands, current practices seem as though the result would be more professional hackers because more people are being informed about how to hack shit. sure there is a big leap between reading something like nomads faq and being paid to hack shit for some terrorist organisation, but given that the audience is so large, that percentage chance is still a higher number.
********************************************************************************
but, the issue here is not that professional's liability but rather corporate responsibility in the kind of information it releases.
********************************************************************************
Look at regular society - there's always going to be run of the mill killers out there, if only because human beings are inherently fragile things, just as computer software tends to be. And society can only do so much to get rid of run of the mill killers - we understand this, and have a system of law to punish those who happen to get around our attempts to protect everyone (police, social conditioning, prohibition of certain weapons, etc). Staying the course with your hacker/killer comparison, why would you expect security companies to be able to do any better at preventing misuse of otherwise benign information than society can do preventing one person from killing another?
Which do you think an open, democratic society would see as the greater threat?
the threat that wants to see the general public turned into criminals, thus degrading society and making crime more common. crime is bad for society, remember?
Sure, but even when blackhats are the ones behind it?
The threat of a vast number of people capable of "falling off the cliff" and killing other random citizens that don't have protection details etc.
heh i like it how you extended this analogy to have the hacker falling on ppl to kill them. it's cute, i love it :D
Ofir?
Or the threat of a select few that understand defensive tactics, walking formations, successive layers of security, what security surveys are likely to find, and are capable of assassinating the head of state?
there is a difference between self defence and offense. i have nothing against self defence, i think it's a basic human reaction. but to maliciously attack another human (or their computer) is illegal. and we have to stop treating hacking as though it's acceptable in society. that it's okay for people to
Same story again. Even when blackhats are the ones breaking into people's systems etc? Oh, "they deserved it", or "they were asking for it", or "they're a fucking narc". This is the sort of stuff that pops up on phrack.ru. Don't forget the reason why we're having this discussion - you've compared hacking without understanding what you are doing to killing people after reading the book "Hit Man". Is the victim of a blackhat any different to the victim of a bumbling whitehat? Is the victim of a professional killer any different to the victim of a bumbling amateur killer? They're still both hacked, or dead.
read through advisories and then use that information to compromise a system. it's not right. and non-disclosure is one of the more effective ways to stop it.
Yes, so only the blackhats can hack and the professional killers can kill. Top idea.
You'll find your answer to this question in the degree to which organisations such as the FBI take threats against the President so seriously. They know they can protect against most random nutballs with an ounce of information and proper preparedness. They don't know they can protect against an individual with skill, determination and the proper equipment.
sorry but you're wrong. i don't find my answer here. all i see is that in your analogy the FBI can be called the "security industry" but where the FBI releases information to the public (maybe through a newspaper or tv) on how to assassinate presidents.
I <3 U 2!!! 2 b4d w3 c4n n3v3r b 2g3th3r bcuzz u r a wh1t3h4t & 3y3 h8 u :(
oppositez attrakt! Don't be too hasty to think that we're on opposite sides here - I just think your comparison is a poor one. They read similarly, but if you want to legitimise being a blackhat and wipe out the whitehats, that's akin to legitimising professional hitmen and wiping out the run of the mill killers like James Perry. Is that really what you're suggesting?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html