I thought Francis E Dec died... On Sat, Jul 26, 2008 at 7:04 AM, n3td3v <[EMAIL PROTECTED]> wrote: > On Sat, Jul 26, 2008 at 6:02 AM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> Instead of criticizing someone for releasing an exploit (which is a bit like >> criticizing a cow for making milk) direct your attention to the fact that >> and industry of professional security researchers sat indian style (albeit >> with respectable posture) eagerly awaiting the release of this exploit when >> they had an advisory almost a month in advance. Sat like this, in the face >> of overwhelming, and nearly embarrassing, media-whoring. An advisory was >> released to foreshadow the release of a later exploit release. Nothing says >> discreet like a banner advertising a bomb. This entire saga has been >> revealing. >> > > Hi bro, > > I just had too high an expectation of HD Moore, I thought he had > turned good into a responsible and respected security researcher, > although he still is a gangster in the gangsters paradise. At least > behind a keyboard :) He will grow up one day and become a role model > for the younger generation, he's not at that stage yet. One day he > will be a Bruce Schneier who blogs away about shit, right now HD Moore > is hell bent on being an exploit code gangster. > > We gotta do something bout them exploit code gangsters, they got no > head about them, they just go free styling and releasing code all over > the town, they don't care bout shit accept street cred, cash and > chicks... the cops, they're chasing their tails, but them the exploit > code gangsters, they always one step ahead of the game, jumping and > diving hoops and loops through the laws, to get away with the shit > they do, they are the exploit code gangsters... we gotta do something > bout those exploit code gangsters, like tighten the grip on the law > and get them mofo's off our mailing list, raining on peoples parade > and shit. The F.B.I they ain't impressed, they sit and grin it, they > can't do nothin' bout those exploit code gangsters, cos they are > within the law to do their shit, and gain the credibility and gloat > bout their exploit code crimes, while surfing the law. What we gonna > do bout those exploit code gangsters? We can't do shit, they're within > the law to do their shit, we just need to grin and bear it like the > mother foookin F, B to the mother fuckin' I. The exploit code > gangsters, they get away with it, cause they are the exploit code > gangsters, they know that, we know that, who doesn't know that? > > All the best, > > n3td3v > >> Ice Breaker: >> >> On Fri, Jul 25, 2008 at 3:38 PM, n3td3v <[EMAIL PROTECTED]> wrote: >>> >>> On Fri, Jul 25, 2008 at 7:37 PM, Fredrick Diggle <[EMAIL PROTECTED]> >>> wrote: >>> > 8. PROFIT!!!! >>> > >>> >>> The security conference (Black hat) will make the most money, out of >>> ticket sales. >>> >>> On the matter of the blog entry leak, I always thought that was a >>> pretend accidental leak and not a real accidental leak. I mean we're >>> not talking about newbies here, these guys are highly intelligent >>> folks focused on information security issues, not the type of folks >>> who genuinely press send on a blog entry by mistake and not know that >>> the blog data gets cached around the internet within seconds of the >>> post going live. We shouldn't get into the conspiracy bullshit because >>> it distracts us from more important stuff, but I was always under the >>> assumption, that the information leak was done on purpose, and made to >>> look like an accidental leak. >>> >>> My focus is away from bashing Dan Kaminsky now about the over hype, >>> and now focused on HD Moore and his partner I)ruid and the legality of >>> their exploit code disclosure and their gloating that is now happening >>> as we speak. >>> >>> Attacks are starting to be reported on unpatched DNS via Nanog mailing >>> list and SANS internet storm center blog, and im not completely >>> convinced that HD Moore and I)ruid should be walking away from this >>> and not being criticized. >>> >>> Infact, im calling for big names in the industry to criticize HD Moore >>> on the mailing lists, and /or in the media. >>> >>> What I have noticed in is no big names have come out in support of >>> what HD Moore has done, so thats a good thing. >>> >>> I praise Cnet News's Robert Vamosi for not writing a single mention of >>> HD Moore or Metasploit in his recent blog write up of the exploit code >>> in the wild coverage http://news.cnet.com/8301-1009_3-9998406-83.html, >>> because to me the whole thing feels criminal, even though it might not >>> be, there is still a sense of criminality and wrongness in what HD >>> Moore has done. >>> >>> Perhaps Nate McFeters can start following Robert Vamosi's lead in not >>> mentioning HD Moore, I)ruid and the Metasploit frame work. Its too >>> late though because Nate McFeters has been promoting HD Moore and >>> I)ruid's name and the Metasploit frame work all week, so perhaps the >>> ZDnet Zero-Day blog is a lost cause already of unrepairable damage of >>> promoting the name of the bad guys who released the exploit code to >>> the wild in the first place, of which im told by Valdis Kletnieks >>> isn't a criminal offense, but in the eyes of n3td3v and the rest of >>> the industry bloody well is the wrong precedence to set in info sec in >>> promoting responsible disclosure or any kind of ethical standard. >>> >>> Hell people like HD Moore are supposed to be role models for a lot of >>> people, scratch that, HD Moore is no role model for anything anymore. >>> :( What have you become HD Moore and who is it you're trying to >>> impress? Not anyone important, maybe a lot of cyber criminal circles, >>> but certainly not the people you should be keeping on side on the >>> mailing list scene or the wider security community and industry. >>> >>> You're not a hax0r anymore who can just do what he wants and f*** >>> around releasing exploit code anymore, you're looked up to by a lot of >>> the young generation HDM, so think about that the next time you go >>> freestyle on going behind the industry's back to bring yourself five >>> minutes of fame, we all know you can program... you don't need to keep >>> proving yourself with these ridiculous irresponsible exploit code >>> disclosures anymore. >>> >>> I have one question to ask you HD Moore, What the hell are you playing >>> at??? >>> >>> All the best, >>> >>> n3td3v >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >> >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/