Full Disclosure mailing list archives
Re: BlueBoar - 'Evil' Vendors Strike Back
From: "CTA () HCSIN NET" <cta () hcsin net>
Date: Wed, 1 Jan 2003 23:02:23 -0500
On 1 Jan 2003, at 21:34, Florian Weimer wrote: To: "Dehner, Benjamin T." <Btd () valmont com> Copies to: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] BlueBoar - 'Evil' Vendors Strike Back From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE> Date sent: Wed, 01 Jan 2003 21:34:58 +0100
"Dehner, Benjamin T." <Btd () valmont com> writes:This seems to be equivalent to saying the policemen are the cause of evil in our society. If everyone was a law-abiding citizen, they would be out of business, so they actually encourage crime.Law enforcement is not a business. Many parts of computer security are, and I too think that's part of the problem.
bhH>>>in I strongly disagree with your statement that Law Enforcement is not a business. Furthermore, as a bhH (Bald Hatless Hacker) I need to vent. Just as there are egotistical bombastic zealots in the commercial Security and Chaos (those who practice the art of Origins of Disorder) sectors, there exist those investigators and prosecutors in law enforcement who are the primary origins of disorder. First consider this Could the reason why the DOT com bubble burst, and Enron, Tycos, and other corporations were raped be that these CEOs and Directors, and Investors have chosen the wrong or no reason to be in business? That is the focus or business, has been on making money, and not on honestly fulfilling a want or need. If the single reason for being in business is to fulfill a real want or need, then with fundamental honesty as its keystone, one applies practical and continuos thought, planning and observation, a successful business will emerge. Conversely, a business that exists without a reason surly will fail. Honest thought, not Money is the real business capital. Now consider In one sense those in law enforcement are (or should be) in the business of fulfilling a want and need, that is investigating and prosecuting those who commit acts of wrongdoing against innocent people, in violation of the law of the land. Although money (resulting from bribes, kickbacks, theft and other illicit acts) may also be one of the primary reasons a person is in the law enforcement business, ego fulfillment has typically been the driving reason. Again, as in commercial business, law enforcement agents must put more effort into concentrated thought with honesty as their keystone arch to success. How many times have we heard of the incident where an agent tells an incredible informant to lie in order to frame another individual who may have stepped on the agents ego? Now it is true that there are some smart and honest people in Security, Law Enforcement, and even in the dark origins of disorder and chaos. But it is time to take a lesson from Harvey Firestone, Henry Ford, and Thomas Edison, and put more time into concentrated thinking, honesty and fulfilling a need and want. If a hacker finds a flaw in your software or hardware, then sit on your ego, thank him/her, and then after quick but concentrated thought disclose the problem to your customers with an honest plan to fix it. AND DO IT! If a Blackhat tells you as a Whitehat who just got his/her certification that youre a bumbling idiot because you have not gotten yours hand in the beast, then THINK, roll up your sleeves and get into it. Stop trying to replace thought and honest systematic debugging / hacking with meetings, and third hand advice from some crusty book worms. As for you Blackhats, stop your pompous pontificating and put some thought into how you can do a better job at creating controlled chaos. Yes chaos is a good thing! Any one who is really master at doing Security Engineering and analysis of vulnerabilities, threats and attacks, will tell you that a controlled chaotic tree simulation the best way to model predictable production environment response. Some Blackhats are good at creating chaos, but they are out of control. You NEED STABLE FEED BACK from the Whitehats to drive your White noise generators. Strap on the Phase look loop and get some control on your chaos. Oh and lastly, as for those script kiddies and out right malicious bed wetters, either they will grow up to be Blackhats, Whitehats, maybe even no hat, or just die. Deal with them as we deal with any bug, observe them, try to train them, ignore them, and if all else fails and they continue to be a real pest, smash em. But remember they too are needed to bring balance and control to chaos. Hope I didnt miss anyone bhH>>>out
-- Florian Weimer Weimer () CERT Uni-Stuttgart DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
========================================== bernie|bhH >>> cta () hcsin net ========================================== I don't ware no stiken hat... Bald, Hatless and Hacking since 1975 377 and still trying to Deposit 072 *********************************************** "There is no expedient to which a man will not go to avoid the real labor of thinking." Thought, the real business capital...Observe-Think-Plan-Think-Do-Think _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: BlueBoar - 'Evil' Vendors Strike Back Florian Weimer (Jan 01)
- Re: BlueBoar - 'Evil' Vendors Strike Back security (Jan 01)
- Re: BlueBoar - 'Evil' Vendors Strike Back CTA () HCSIN NET (Jan 01)