Full Disclosure mailing list archives

Re: BlueBoar - 'Evil' Vendors Strike Back


From: "CTA () HCSIN NET" <cta () hcsin net>
Date: Wed, 1 Jan 2003 23:02:23 -0500



On 1 Jan 2003, at 21:34, Florian Weimer wrote:

To:                     "Dehner, Benjamin T." <Btd () valmont com>
Copies to:              full-disclosure () lists netsys com
Subject:                Re: [Full-disclosure] BlueBoar - 'Evil' Vendors Strike Back
From:                   Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date sent:              Wed, 01 Jan 2003 21:34:58 +0100

"Dehner, Benjamin T." <Btd () valmont com> writes:

This seems to be equivalent to saying the policemen are the
cause of evil in our society.  If everyone was a law-abiding
citizen, they would be out of business, so they actually
encourage crime.

Law enforcement is not a business.  Many parts of computer
security are, and I too think that's part of the problem.

bhH>>>in
I strongly disagree with your statement that Law Enforcement is not 
a business. Furthermore, as a bhH (Bald Hatless Hacker) I need to 
vent. 

Just as there are egotistical bombastic zealots in the commercial 
Security and Chaos (those who practice the art of Origins of 
Disorder) sectors, there exist those investigators and prosecutors in 
law enforcement who are the primary origins of disorder.  

First consider this…
Could the reason why the DOT com bubble burst, and Enron, Tycos, 
and other corporations were raped be that these CEOs and 
Directors, and Investors have chosen the wrong or no reason to be 
in business? That is, the focus of business has been on making 
money, and not on honestly fulfilling a want or need. If the single 
reason for being in business is to fulfill a real want or need, then 
with fundamental honesty as its keystone, one applies practical and 
continuous thought, planning and observation, a successful business 
will emerge. Conversely, a business that exists without a reason 
surely will fail. Honest thought, not Money is the real business 
capital.

Now consider…
In one sense those in law enforcement are (or should be) in the 
business of fulfilling a want and need, that is investigating and 
prosecuting those who commit acts of wrongdoing against innocent 
people, in violation of the law of the land. Although money 
(resulting from bribes, kickbacks, theft and other illicit acts) may 
also be one of the primary reasons a person is in the law 
enforcement business, ego fulfillment has typically been the driving 
reason. Again, as in commercial business, law enforcement agents 
must put more effort into concentrated thought with honesty as 
their keystone arch to success. How many times have we heard of 
the incident where an agent tells an incredible informant to lie in 
order to frame another individual who may have stepped on the 
agent’s ego? 

Now it is true that there are some smart and honest people in 
Security, Law Enforcement, and even in the dark origins of disorder 
and chaos. But it is time to take a lesson from Harvey Firestone, 
Henry Ford, and Thomas Edison, and put more time into 
concentrated thinking, honesty and fulfilling a need and want. 

If a hacker finds a flaw in your software or hardware, then sit on 
your ego, thank him/her, and then after quick but concentrated 
thought disclose the problem to your customers with an honest plan 
to fix it. AND DO IT!

If a Blackhat tells you as a Whitehat who just got his/her 
certification that you’re a bumbling idiot because you have not 
gotten your hand in the beast, then THINK, roll up your sleeves and 
get into it. Stop trying to replace thought and honest systematic 
debugging / hacking with meetings, and third hand advice from some 
crusty book worms. 

As for you Blackhats, stop your pompous pontificating and put 
some thought into how you can do a better job at creating 
controlled chaos.  Yes chaos is a good thing! Anyone who is really 
a master at doing Security Engineering and analysis of vulnerabilities, 
threats and attacks, will tell you that a controlled chaotic tree 
simulation is the best way to model predictable production 
environment response. Some Blackhats are good at creating chaos, 
but they are out of control. You NEED STABLE FEEDBACK from 
the Whitehats to drive your White noise generators. Strap on the 
Phase lock loop and get some control on your chaos. 

Oh and lastly, as for those script kiddies and outright malicious bed 
wetters, either they will grow up to be Blackhats, Whitehats, maybe 
even no hat, or just die. Deal with them as we deal with any bug, 
observe them, try to train them, ignore them, and if all else fails and 
they continue to be a real pest, smash em. But remember they too 
are needed to bring balance and control to chaos. 

Hope I didn’t miss anyone…

bhH>>>out

 
-- 
Florian Weimer                          Weimer () CERT Uni-Stuttgart DE
University of Stuttgart          
http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT                 
        fax +49-711-685-5898
_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.netsys.com/full-disclosure-charter.html




==========================================
bernie|bhH >>> cta () hcsin net
==========================================
I don't ware no stiken hat...
    Bald, Hatless and Hacking since 1975
         377 and still trying to Deposit 072
***********************************************
"There is no expedient to which a man will not go to avoid the real labor of thinking."
Thought, the real business capital...Observe-Think-Plan-Think-Do-Think
