Re: [Full-disclosure] Security industry software license
does it matter who ur system is hacked by? no. ur system is had either way. it doesnt belong 2 u.

On Tue, Dec 2, 2008 at 3:42 AM, Mike C [EMAIL PROTECTED] wrote:
> On Mon, Dec 1, 2008 at 7:50 PM, Joel Helgeson [EMAIL PROTECTED] wrote:
>> I agree - the biggest BS term in existence is the term Cyberterror. If my web server crashes, is it the result of a Jihadist? Do I care?
>
> Yes! The kind of exploiter decides the kind of evil thing that would be done from a zombie machine. You wouldn't want your PC to be a part of an enemy state's arsenal, or an extremist religious organization now, would you?
>
> --
> MC Security Researcher Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Security industry software license
On Mon, Dec 1, 2008 at 7:50 PM, Joel Helgeson [EMAIL PROTECTED] wrote:
> I agree - the biggest BS term in existence is the term Cyberterror. If my web server crashes, is it the result of a Jihadist? Do I care?

Yes! The kind of exploiter decides the kind of evil thing that would be done from a zombie machine. You wouldn't want your PC to be a part of an enemy state's arsenal, or an extremist religious organization now, would you?

--
MC Security Researcher Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/
Re: [Full-disclosure] Security industry software license
On Sat, 29 Nov 2008 18:17:22 GMT, andrew.wallace said:
> I think we should push for this so that attack platforms that are designed for penetration testers aren't used by the bad guys.

Another good article noted by Bruce Schneier:

http://www.schneier.com/blog/archives/2008/11/the_ill_effects_1.html

The experts said no one has actually done any research on SIM card cloning because the activity is illegal in the country.
Re: [Full-disclosure] Security industry software license
Please tell me there is sarcasm there?

The exploiter can either use the exploited machine to make money, which makes him indistinguishable from every other punk on the net, or they access it simply to destroy it; which makes them a malicious punk. Either way, I am not terrorized, and Ramzi al-binwhatever ain't gonna make it to paradise or get his 72 myspace virgins (or second life, or whatever).

The Jihadists have no use for the levels of intelligence gathering networks that the Russian empire has. What the heck do Jihadists care who the chain of command is - they lack the military discipline to think that far ahead.

----- Original Message -----
From: Mike C [EMAIL PROTECTED]
To: Joel Helgeson [EMAIL PROTECTED]
Cc: Some Guy Posting To Full Disclosure [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
Sent: Tuesday, December 02, 2008 2:42 AM
Subject: Re: [Full-disclosure] Security industry software license

On Mon, Dec 1, 2008 at 7:50 PM, Joel Helgeson [EMAIL PROTECTED] wrote:
> I agree - the biggest BS term in existence is the term Cyberterror. If my web server crashes, is it the result of a Jihadist? Do I care?

Yes! The kind of exploiter decides the kind of evil thing that would be done from a zombie machine. You wouldn't want your PC to be a part of an enemy state's arsenal, or an extremist religious organization now, would you?

--
MC Security Researcher Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/
Re: [Full-disclosure] Security industry software license
2008/12/2, j-f sentier [EMAIL PROTECTED]:

Mike C, Andrew wallace, n3td3v (which are the same person), would you please get the fuck out of this FD list ? No one want to hear your bull-shit anymore around here.

2008/12/2, Mike C [EMAIL PROTECTED]:
> On Mon, Dec 1, 2008 at 7:50 PM, Joel Helgeson [EMAIL PROTECTED] wrote:
>> I agree - the biggest BS term in existence is the term Cyberterror. If my web server crashes, is it the result of a Jihadist? Do I care?
>
> Yes! The kind of exploiter decides the kind of evil thing that would be done from a zombie machine. You wouldn't want your PC to be a part of an enemy state's arsenal, or an extremist religious organization now, would you?
>
> --
> MC Security Researcher Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
Re: [Full-disclosure] Security industry software license
I agree - the biggest BS term in existence is the term Cyberterror. If my web server crashes, is it the result of a Jihadist? Do I care?

There is no such thing as a cyberterrorist. Need proof? Answer me this: If a militant Jihadist takes down the US Power Grid via a Cyber Attack, will he get his 72 virgins on MySpace?

This is based on the assumption that one could find 72 Virgins on MySpace, and those claiming to be so are not pederasts themselves or FBI agents... nevertheless.

Look at the methodology behind the Militant Salafic Jihadist movement; it is kill or convert in order to attain the highest order of glory in heaven. There is no caveat in place for crashing servers. The motivation behind a Jihadi hacker and a punk criminal hacker is exactly the same, to either cause malicious harm - because they can - or to gain money. End of issue.

----- Original Message -----
From: Some Guy Posting To Full Disclosure [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Sent: Saturday, November 29, 2008 7:07 PM
Subject: Re: [Full-disclosure] Security industry software license

Just to summarise what's been said and what I think so we can get back on topic, and conclude something:

No-one hacks using metasploit! Go back to 2003.

Terrorists with metasploit! What, do you have a picture in your head of Mr. Jihad Bigbeard using metasploit to shutdown a powergrid?

Reasons Why It's Hard to achieve:
- It violates freedom.
- It's hard to enforce without: invading privacy, expending too much money/resources.
- Most writers of these tools won't want to have to do this (most writers of security tools are hackers, you-know: back orifice, pinch, exploit kits, phishing kits, malware creation kits, the entire contents of milworm, bots, THCs Hydra... it goes on).
- Geographical constraints. All governments doing the exact same thing at the same time? Or one organisation forcing it onto the net (with no power to put people in jail or anything).
- You can't/shouldn't moderate the internet.

Reasons Why It's Pointlessly ineffective:
- Piratebay.
- People writing tools intended for hackers.
- The massive number of tools that you'd have to moderate to be effective.
- If not everything is a dangerous security tool then it's reduced in effectiveness.
- Most big hacks you see don't take many tools. Like a big database being dumped with a browser/scripts.
- You don't solve the problem, at all. Maybe reduce it a little.

Reasons Why It Wouldn't Happen:
- Most developed western governments like to keep their 1984 I'm watching you crap behind the curtains.
- Most governments only do these things because something bad happened and they have to make up a law to cover their asses, or something bigger than your rapidshare passes is at stake.
- I'd protest - I'd go to my country's (UK) capital and march in protest!

Reasons Why It Sucks:
- It violates freedom (programs are intellectual property - you can't do that kind of thing to them and call it nice).
- It would ruin the internet and break a load of enthusiastic geeks' hearts.
- It would force the underground hackers deeper underground.
- It would discourage security professionals.

Pointless things that people mentioned that made them look like a child in front of a shit load of subscribers:
- Personal comments.
- Attacks at the way someone writes something instead of what they write about.

Questions for to think about/answer:
- Would you deserve a license. Really? (me: NO!)
- Would you wish you had one. (me; yeh!)
- How many of the tools that'd be outlawed have you already written an equivalent of? (me: loads).
- If you had to outlaw things, would you outlaw tor? (me: I don't wanna!)

It's a silly idea.

Final Question:
- Are we finished? Is it over? Is it established that it's a bad idea now?

--
I'm your best best friend.
Re: [Full-disclosure] Security industry software license
On Sat, Nov 29, 2008 at 10:17 AM, andrew. wallace [EMAIL PROTECTED] wrote:

snip

> Now what the DHS need to do if they want to counter hackers and cyber terrorism is to focus on worth while things like developing a security industry software license scheme that vets everybody using software and gets better regulation into the industry. This is the way ahead,

Yes, indeed. Freedom is always served by taking it away from those who can't afford the credentials. It's why gun control works so well.

Kurt
Re: [Full-disclosure] Security industry software license
On Sat, Nov 29, 2008 at 7:32 PM, Kurt Buff [EMAIL PROTECTED] wrote:
> On Sat, Nov 29, 2008 at 10:17 AM, andrew. wallace [EMAIL PROTECTED] wrote:
>
> snip
>
>> Now what the DHS need to do if they want to counter hackers and cyber terrorism is to focus on worth while things like developing a security industry software license scheme that vets everybody using software and gets better regulation into the industry. This is the way ahead,
>
> Yes, indeed. Freedom is always served by taking it away from those who can't afford the credentials. It's why gun control works so well.
>
> Kurt

Gun control in Britain actually works pretty well I don't know where you live. It's all about effective management of the control, you put in bad management you're going to have bad control.
Re: [Full-disclosure] Security industry software license
On Sat, Nov 29, 2008 at 11:52 AM, andrew. wallace [EMAIL PROTECTED] wrote:
> On Sat, Nov 29, 2008 at 7:32 PM, Kurt Buff [EMAIL PROTECTED] wrote:
>> On Sat, Nov 29, 2008 at 10:17 AM, andrew. wallace [EMAIL PROTECTED] wrote:
>>
>> snip
>>
>>> Now what the DHS need to do if they want to counter hackers and cyber terrorism is to focus on worth while things like developing a security industry software license scheme that vets everybody using software and gets better regulation into the industry. This is the way ahead,
>>
>> Yes, indeed. Freedom is always served by taking it away from those who can't afford the credentials. It's why gun control works so well.
>>
>> Kurt
>
> Gun control in Britain actually works pretty well I don't know where you live. It's all about effective management of the control, you put in bad management you're going to have bad control.
Re: [Full-disclosure] Security industry software license
On Sat, Nov 29, 2008 at 11:52 AM, andrew. wallace [EMAIL PROTECTED] wrote:
> On Sat, Nov 29, 2008 at 7:32 PM, Kurt Buff [EMAIL PROTECTED] wrote:
>> On Sat, Nov 29, 2008 at 10:17 AM, andrew. wallace [EMAIL PROTECTED] wrote:
>>
>> snip
>>
>>> Now what the DHS need to do if they want to counter hackers and cyber terrorism is to focus on worth while things like developing a security industry software license scheme that vets everybody using software and gets better regulation into the industry. This is the way ahead,
>>
>> Yes, indeed. Freedom is always served by taking it away from those who can't afford the credentials. It's why gun control works so well.
>>
>> Kurt
>
> Gun control in Britain actually works pretty well I don't know where you live.

Excellent - avoid the main point, focus on the minor point. To get back to the major point, I'll ask a question: How is freedom served by your recommendation? If you wish to know where I live, google me.

> It's all about effective management of the control, you put in bad management you're going to have bad control.

This kind of management is always bad, in that it means decreasing the ability of free people to ply their trade, or even to explore the world and gain knowledge on their own.

To rebut your response on the minor point, I'll ask another question - how much do you think home invasion burglaries would diminish in your country if ordinary folks could own effective means of defense?
Re: [Full-disclosure] Security industry software license
Oh well. Let's reverse this, the problem is not metasploit, because metasploit is not a 0days finder. Metasploit is developed for well know vulnerability, and it's intended for penetration purpose.

So if some lazy sys-admin doesn't patch them software, it's close to them own fault if they get hijacked. It's almost criminal, because they put our security (in a scenario we're a client on this network arch) totally in danger, for some money reasons. Them work is also to make sure the env is safe, so if you act only as a production mode, where money contract drive the network arch design, you're playing a game that will hurt one day or another, it's just about time.

You talk about a possible danger about metasploit, so as i said let's reverse this, the danger is this sys-admin and corporation i was mentioning.

See, with this attitude to say, oh there's a tool which can hurt us, we should ban this tool from the Internet you only contribute to make a dummier world than it is.

We need to solve the root problem, which is well known, people got crash-landed on the internet, with the government help (i remember a period where the gov was giving 500 $ to the family to get a computer and get on the internet) and they don't fucking know about how, why, but they go!

And companies are doing the same, they see a threat in metasploit, nmap, nessus, etc but it isn't ... none of them are a 0days finder, and if they should be something treated as potentially dangerous, it's themself, and right after, the people crash-landed on the internet.

So patch your fucking software, make some basic monitoring, and read FD, milw0rm, secfocus as a daily task. That's what the net is about, that's the rules, if you don't like this game, then don't put your network on the internet and go to hell, don't blame such software.

See Mr wallace, this is the kind of attitude who will blow any freedom on the internet, and you contribute to this, as many others. That's the facility solution, and it's a mirror of our society.

Cheers
J-F
Re: [Full-disclosure] Security industry software license
Just to summarise what's been said and what I think so we can get back on topic, and conclude something:

No-one hacks using metasploit! Go back to 2003.

Terrorists with metasploit! What, do you have a picture in your head of Mr. Jihad Bigbeard using metasploit to shutdown a powergrid?

Reasons Why It's Hard to achieve:
- It violates freedom.
- It's hard to enforce without: invading privacy, expending too much money/resources.
- Most writers of these tools won't want to have to do this (most writers of security tools are hackers, you-know: back orifice, pinch, exploit kits, phishing kits, malware creation kits, the entire contents of milworm, bots, THCs Hydra... it goes on).
- Geographical constraints. All governments doing the exact same thing at the same time? Or one organisation forcing it onto the net (with no power to put people in jail or anything).
- You can't/shouldn't moderate the internet.

Reasons Why It's Pointlessly ineffective:
- Piratebay.
- People writing tools intended for hackers.
- The massive number of tools that you'd have to moderate to be effective.
- If not everything is a dangerous security tool then it's reduced in effectiveness.
- Most big hacks you see don't take many tools. Like a big database being dumped with a browser/scripts.
- You don't solve the problem, at all. Maybe reduce it a little.

Reasons Why It Wouldn't Happen:
- Most developed western governments like to keep their 1984 I'm watching you crap behind the curtains.
- Most governments only do these things because something bad happened and they have to make up a law to cover their asses, or something bigger than your rapidshare passes is at stake.
- I'd protest - I'd go to my country's (UK) capital and march in protest!

Reasons Why It Sucks:
- It violates freedom (programs are intellectual property - you can't do that kind of thing to them and call it nice).
- It would ruin the internet and break a load of enthusiastic geeks' hearts.
- It would force the underground hackers deeper underground.
- It would discourage security professionals.

Pointless things that people mentioned that made them look like a child in front of a shit load of subscribers:
- Personal comments.
- Attacks at the way someone writes something instead of what they write about.

Questions for to think about/answer:
- Would you deserve a license. Really? (me: NO!)
- Would you wish you had one. (me; yeh!)
- How many of the tools that'd be outlawed have you already written an equivalent of? (me: loads).
- If you had to outlaw things, would you outlaw tor? (me: I don't wanna!)

It's a silly idea.

Final Question:
- Are we finished? Is it over? Is it established that it's a bad idea now?

--
I'm your best best friend.
Re: [Full-disclosure] security industry software license
You do care
That is why you replied

On 10/21/08, n3td3v [EMAIL PROTECTED] wrote:
> On Mon, Oct 20, 2008 at 2:45 PM, [EMAIL PROTECTED] wrote:
>> Either I'm on your list, or I'm not. Make up your mind.
>
> I don't care anymore, I really don't care.

--
Sent from Gmail for mobile | mobile.google.com
http://buymeahouse.stiw.org/
Re: [Full-disclosure] security industry software license
n3td3v wrote:
> there should be a central license that people apply for to use software like metasploit.

Well. There's. It's called competence. Clueless people don't use Metasploit. Normally it doesn't lower the bar very much. Think of Core or Canvas. You can get this too, nevertheless it's expensive.

Who's going to prevent Warez? - Right, no one. So if you're talking about a theoretical concept, you should face the reality: there's no software you can't get for free. And if there's, nothing prevents you from writing your own exploits. Just grab some source, and search through it. You'd be surprised how much crap you'll find.

> only letting the good guys use the software for good purposes.

First build a devil, let it run, and sell the holy water. That's how it works. Without any evil approaches, we wouldn't work. Today's process of hardening needs something, which speeds it up by fear. And that's exactly what Metasploit does. It pwns incompetent management, driven by the idea to develop feature rich bloatware in no time - without caring for design, structure and security of the customers.

I guess nobody who's having the good old skills needs an exploit framework. So - what's the software you're going to certify by n3rd3v license? Shellcode with 0s? :) Or some wrapper scripts?

By the way: security is a market. Nothing prevents you from selling exploits at wabisabi or so. Nevertheless I wouldn't choose eBay. :)

--
--__- wishinet.blogspot.com just wishi - does Netninpo __--___-_ - http://www.gnu.org/philosophy/no-word-attachments.html - PGP ID: 0xCCCA5E74
Re: [Full-disclosure] security industry software license
lets talk about who is trying to ruin who with false accusations..

you vs pauldotcom joel esler hdm isc marc sachs

On Sun, Oct 19, 2008 at 12:08 AM, n3td3v [EMAIL PROTECTED] wrote:
> tell valdis to leave me alone then and stop trying to ruin my reputation with false accusations.
>
> On Sun, Oct 19, 2008 at 5:05 AM, Freeman Y. [EMAIL PROTECTED] wrote:
>> Sounds like stalking to me.. Do everybody a favor and just stop posting to this list unless you have something constructive to contribute. Really.
Re: [Full-disclosure] security industry software license
> * I'm not a criminal

right.

> * I'm not mentally ill

lie.

> * I'm not a terrorist

no, but u r trying hard 2 b.

> * I'm not an elite hacker

nd u never will b.
Re: [Full-disclosure] security industry software license
r u talking 2 urself?

On Mon, Oct 20, 2008 at 2:47 PM, n3td3v [EMAIL PROTECTED] wrote:
> stop pretending to be me.
>
> On Mon, Oct 20, 2008 at 3:11 PM, n3td3v [EMAIL PROTECTED] wrote:
Re: [Full-disclosure] security industry software license
we simply point out the truth. u r the 1 who proves us right.

On Sun, Oct 19, 2008 at 1:09 AM, n3td3v [EMAIL PROTECTED] wrote:
> no thanks to robert lemos, neal krawetz, valdis kletnieks, michael simpson, ureleet and others.
>
> On Sun, Oct 19, 2008 at 6:00 AM, Freeman Y. [EMAIL PROTECTED] wrote:
>> Believe it or not n3td3v, your reputation is ALREADY ruined. You seem not to have noticed though.
Re: [Full-disclosure] security industry software license
Salut, Valdis,

On Fri, 17 Oct 2008 08:45:21 -0400, [EMAIL PROTECTED] wrote:
> You *really* don't want to follow that idea to its logical conclusion.

Evil bread-eating terrorists.

Tonnerre

--
SyGroup GmbH, Solutions Systematiques
Tonnerre Lombard
Güterstrasse 86, 4053 Basel
Tel: +41 61 333 80 33
Fax: +41 61 383 14 67
Web: www.sygroup.ch
[EMAIL PROTECTED]
Re: [Full-disclosure] security industry software license
On Sun, 19 Oct 2008 04:05:41 BST, n3td3v said:
> you're not a member of the group but you *think* you know everything that goes on inside it, try being a member of the group first, before you comment on it so publicly.

...

> you're subscribed on a random user email address and are stealthily

Either I'm on your list, or I'm not. Make up your mind.

(Or maybe I'm not on your list, but my evil twin Skippy is...?)
Re: [Full-disclosure] security industry software license
The fact of the matter is, the group doesn't really exist. It's mainly just me sending emails to myself about how 1337 I am...but I know I'm lying.

To: full-disclosure@lists.grok.org.uk
From: [EMAIL PROTECTED]
Date: Mon, 20 Oct 2008 09:45:22 -0400
Subject: Re: [Full-disclosure] security industry software license

On Sun, 19 Oct 2008 04:05:41 BST, n3td3v said:
> you're not a member of the group but you *think* you know everything that goes on inside it, try being a member of the group first, before you comment on it so publicly.

...

> you're subscribed on a random user email address and are stealthily

Either I'm on your list, or I'm not. Make up your mind.

(Or maybe I'm not on your list, but my evil twin Skippy is...?)
Re: [Full-disclosure] security industry software license
stop pretending to be me.

On Mon, Oct 20, 2008 at 3:11 PM, n3td3v [EMAIL PROTECTED] wrote:
Re: [Full-disclosure] security industry software license
On Mon, Oct 20, 2008 at 2:45 PM, [EMAIL PROTECTED] wrote:
> Either I'm on your list, or I'm not. Make up your mind.

I don't care anymore, I really don't care.
Re: [Full-disclosure] security industry software license
[EMAIL PROTECTED] wrote:
> On Fri, 17 Oct 2008 09:37:59 EDT, n3td3v said:
>> I've realized that I don't really understand what Metasploit is or does and generally have a weak grasp on the security industry as a whole. So, please disregard any of my previous, ignorant comments.
>
> I have to conclude that n3td3v has fallen under the control of The Pod People.

That's the proof: Trolling causes braindamage!
Re: [Full-disclosure] security industry software license
Dear,

Sorry I did a mistake about the price. The price is 2500 $ for this exploit.

----- Original Message -----
From: wishi [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] security industry software license
Date: Sat, 18 Oct 2008 16:01:05 +0200

[EMAIL PROTECTED] wrote:
> On Fri, 17 Oct 2008 09:37:59 EDT, n3td3v said:
>> I've realized that I don't really understand what Metasploit is or does and generally have a weak grasp on the security industry as a whole. So, please disregard any of my previous, ignorant comments.
>
> I have to conclude that n3td3v has fallen under the control of The Pod People.

That's the proof: Trolling causes braindamage!
Re: [Full-disclosure] security industry software license
> That's the proof: Trolling causes braindamage!

On Sat, Oct 18, 2008 at 7:52 PM, Kathib Karffi [EMAIL PROTECTED] wrote:
> Dear,
>
> Sorry I did a mistake about the price. The price is 2500 $ for this exploit.

I think that's the proof.

--
Razi Shaban
Re: [Full-disclosure] security industry software license
That's the proof: braindamage causes Trolling !

fix'd

--
Razi Shaban
Re: [Full-disclosure] security industry software license
On Fri, Oct 17, 2008 at 1:47 PM, [EMAIL PROTECTED] wrote:
> 'n3td3v' is the mailing list for fans (fictitious and otherwise) of 'clueless newb' humor.

you're not a member of the group but you *think* you know everything that goes on inside it, try being a member of the group first, before you comment on it so publicly.

its like commenting on something before you've tried it, your official story is you've never been a member of the group and never will.

the truth is, you would be banned if you joined, and thats the reason you're subscribed on a random user email address and are stealthily monitoring the group because you're 'paranoid' that n3td3v is a bad guy and something untoward is going on.

n3td3v is a lawful person, he does no law breaking, he is a security researcher and ethical hacker, who leads a google group of thousands of other white hats.

you, however, are a sad network administrator at virginia tech university who has nothing better to do than noise up folks half your age, accuse them of being a bad guy and sending disinformation about my group to a high visibility mailing list.

get a life valdis,

n3td3v
Re: [Full-disclosure] security industry software license
n3td3v wrote:
> On Fri, Oct 17, 2008 at 1:47 PM, [EMAIL PROTECTED] wrote:
>> 'n3td3v' is the mailing list for fans (fictitious and otherwise) of 'clueless newb' humor.
>
> you're not a member of the group but you *think* you know everything that goes on inside it, try being a member of the group first, before you comment on it so publicly.
>
> its like commenting on something before you've tried it, your official story is you've never been a member of the group and never will.
>
> the truth is, you would be banned if you joined, and thats the reason you're subscribed on a random user email address and are stealthily monitoring the group because you're 'paranoid' that n3td3v is a bad guy and something untoward is going on.
>
> n3td3v is a lawful person, he does no law breaking, he is a security researcher and ethical hacker, who leads a google group of thousands of other white hats.
>
> you, however, are a sad network administrator at virginia tech university who has nothing better to do than noise up folks half your age, accuse them of being a bad guy and sending disinformation about my group to a high visibility mailing list.
>
> get a life valdis,
>
> n3td3v

Sounds like stalking to me.. Do everybody a favor and just stop posting to this list unless you have something constructive to contribute. Really.
Re: [Full-disclosure] security industry software license
tell valdis to leave me alone then and stop trying to ruin my reputation with false accusations.
On Sun, Oct 19, 2008 at 5:05 AM, Freeman Y. [EMAIL PROTECTED] wrote: Sounds like stalking to me.. Do everybody a favor and just stop posting to this list unless you have something constructive to contribute. Really.
Re: [Full-disclosure] security industry software license
n3td3v wrote: tell valdis to leave me alone then and stop trying to ruin my reputation with false accusations.
On Sun, Oct 19, 2008 at 5:05 AM, Freeman Y. [EMAIL PROTECTED] wrote: Sounds like stalking to me.. Do everybody a favor and just stop posting to this list unless you have something constructive to contribute. Really.
Believe it or not n3td3v, your reputation is ALREADY ruined. You seem not to have noticed though.
Re: [Full-disclosure] security industry software license
no thanks to robert lemos, neal krawetz, valdis kletnieks, michael simpson, ureleet and others.
On Sun, Oct 19, 2008 at 6:00 AM, Freeman Y. [EMAIL PROTECTED] wrote: Believe it or not n3td3v, your reputation is ALREADY ruined. You seem not to have noticed though.
Re: [Full-disclosure] security industry software license
On Thu, 16 Oct 2008 21:41:02 BST, n3td3v said: ... that criminal hackers use metasploit as well.
Criminals use gmail too. n3td3v uses Gmail. Therefore
Criminals use the phone too. n3td3v probably knows how to use the phone. Therefore...
Criminals use beds to sleep. n3td3v probably uses a bed or a crib or something. Therefore..
You *really* don't want to follow that idea to its logical conclusion.
Re: [Full-disclosure] security industry software license
I've realized that I don't really understand what Metasploit is or does and generally have a weak grasp on the security industry as a whole. So, please disregard any of my previous, ignorant comments.
Date: Thu, 16 Oct 2008 21:41:02 +0100 From: [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] security industry software license
the double edged sword of metasploit continues. while we acknowledge its a double edged sword, does that mean we don't need to monitor the bad edge of that sword? that is the point n3td3v has been making. and in a news report today by cnet news, they acknowledge: On Thursday, new code was put on the Internet that could exploit a flaw in unpatched Host Integration Servers. The exploit is part of Metasploit, a toolkit used by penetration testers and criminal hackers alike. ... that criminal hackers use metasploit as well. so shouldn't metasploit and the govt be working together to share data? im in full support of metasploit sharing data with the govt, but the thing you must do is have a privacy policy in place as well. http://news.cnet.com/8301-1009_3-10068161-83.html
Re: [Full-disclosure] security industry software license
On Fri, 17 Oct 2008 09:37:59 EDT, n3td3v said: I've realized that I don't really understand what Metasploit is or does and generally have a weak grasp on the security industry as a whole. So, please disregard any of my previous, ignorant comments.
I have to conclude that n3td3v has fallen under the control of The Pod People.
Re: [Full-disclosure] security industry software license
I hope you choke on your anti-depressants and drown in your own vomit you fucking cunt. That was just rude. Netdev is a delusional paranoiac with a need to be accepted for what he's worth. Oh yeah, I forgot. I filtered him out a long time ago. I still love the Doonesbury-esque quality of his loyal fans, who continue to feed into his disease. It is a running comedy, for me at least. No offense meant. Yeah, right!!!
Re: [Full-disclosure] security industry software license
well 'netdev' is supposed to be a bit of fun, there is no need for this kind of 'serious' response all the time.
Re: [Full-disclosure] security industry software license
On Thu, 16 Oct 2008, n3td3v wrote: an *evil deeds* website and no privacy policy? c'mon, who are you trying to kid? oh yeah, the kiddies...
And apparently, one of them has fallen prey - hook, line, and sinker You've been on about this for awhile now, please don't further flog the carcass
-- Rick Nelson Life'll kill ya -- Warren Zevon Then you'll be dead -- Life'll kill ya
Re: [Full-disclosure] security industry software license
the double edged sword of metasploit continues. while we acknowledge its a double edged sword, does that mean we don't need to monitor the bad edge of that sword? that is the point n3td3v has been making. and in a news report today by cnet news, they acknowledge: On Thursday, new code was put on the Internet that could exploit a flaw in unpatched Host Integration Servers. The exploit is part of Metasploit, a toolkit used by penetration testers and criminal hackers alike. ... that criminal hackers use metasploit as well. so shouldn't metasploit and the govt be working together to share data? im in full support of metasploit sharing data with the govt, but the thing you must do is have a privacy policy in place as well. http://news.cnet.com/8301-1009_3-10068161-83.html
Re: [Full-disclosure] security industry software license
On Wed, Oct 15, 2008 at 7:37 AM, AaRoNg11 [EMAIL PROTECTED] wrote: Society doesn't care, just n3td3v :P Why does society care about doing this? Or is it just that you can't figure out how to use it, so you don't want others to have access to it? -- Aaron Goulden -- Aaron Goulden
Re: [Full-disclosure] security industry software license
we don't know if metasploit is already passing the download data to the government, i mean, do they have a privacy policy on their web site? nope. we just need to make that download data useful.
Re: [Full-disclosure] security industry software license
i have received a tip off that says metasploit has no privacy policy and folks downloading from metasploit are possibly being dhs'd. we know that the authorities has set up, http://news.cnet.com/8301-1009_3-10066001-83.html, websites in the past to catch out the bad guys. my informant also says, there is no need to worry about a security industry software license because the govt are *on top of it already*.
On Wed, Oct 15, 2008 at 9:13 PM, Razi Shaban [EMAIL PROTECTED] wrote: On Wed, Oct 15, 2008 at 11:35 PM, n3td3v [EMAIL PROTECTED] wrote: never download anything from a web site without a privacy policy, hahahaha. the bad guys are fucked, metasploit are probably passing the info to the department of homeland security already. hahaha.
On Wed, Oct 15, 2008 at 8:28 PM, n3td3v [EMAIL PROTECTED] wrote: we don't know if metasploit is already passing the download data to the government, i mean, do they have a privacy policy on their web site? nope. we just need to make that download data useful.
Did you just... reply to yourself? -- Razi Shaban
Re: [Full-disclosure] security industry software license
i was joking i dont have an informant who told me that stuff, but i thought it was pretty funny anyway.
Re: [Full-disclosure] security industry software license
metasploit http://metasploit.com/ should get a privacy policy though, if they want to be taken seriously by the kiddies...
On Wed, Oct 15, 2008 at 9:47 PM, n3td3v [EMAIL PROTECTED] wrote: i was joking i dont have an informant who told me that stuff, but i thought it was pretty funny anyway.
Re: [Full-disclosure] security industry software license
On Wed, 15 Oct 2008 22:16:01 BST, n3td3v said: metasploit http://metasploit.com/ should get a privacy policy though, if they want to be taken seriously by the kiddies...
But *you* already seem to be taking it seriously. And I doubt that HD Moore cares whether the other kiddies take it seriously.
Re: [Full-disclosure] security industry software license
On Wed, 15 Oct 2008 21:15:16 BST, n3td3v said: i have received a tip off that says metasploit has no privacy policy and folks downloading from metasploit are possibly being dhs'd.
Do the world a favor, and use whatever grey stuff hasn't leaked out of your cranial cavity and *think* for a moment. What would get reported to DHS:
1) Downloads by people that don't matter, because they'd almost certainly qualify for any sane program to license that sort of software.
2) Downloads by ankle-biting skript kiddies, who can be ignored because they were dumb enough to download from their own computer.
What *won't* get reported to DHS:
1) Downloads by black hats smart enough to use somebody else's pwned system or TOR or something to cover their tracks.
Re: [Full-disclosure] security industry software license
On Wed, Oct 15, 2008 at 10:28 PM, [EMAIL PROTECTED] wrote: On Wed, 15 Oct 2008 21:15:16 BST, n3td3v said: i have received a tip off that says metasploit has no privacy policy and folks downloading from metasploit are possibly being dhs'd.
Do the world a favor, and use whatever grey stuff hasn't leaked out of your cranial cavity and *think* for a moment. What would get reported to DHS:
1) Downloads by people that don't matter, because they'd almost certainly qualify for any sane program to license that sort of software.
2) Downloads by ankle-biting skript kiddies, who can be ignored because they were dumb enough to download from their own computer.
What *won't* get reported to DHS:
1) Downloads by black hats smart enough to use somebody else's pwned system or TOR or something to cover their tracks.
but the question still remains: why no privacy policy? let's see if we can challenge hd moore and his crew to write one, otherwise his site will stink of shadowcrew entrapment, even if its not. all the best, n3td3v
Re: [Full-disclosure] security industry software license
If you're going to continue having conversations with yourself I highly recommend switching to an IM client. It will provide you with more immediate gratification and the rest of us with peace and quiet and relevance. But whatever, I just remembered Gmail can filter, silly me. Goodbye n3td3v and good riddance.
On Wed, Oct 15, 2008 at 5:16 PM, n3td3v [EMAIL PROTECTED] wrote: metasploit http://metasploit.com/ should get a privacy policy though, if they want to be taken seriously by the kiddies...
On Wed, Oct 15, 2008 at 9:47 PM, n3td3v [EMAIL PROTECTED] wrote: i was joking i dont have an informant who told me that stuff, but i thought it was pretty funny anyway.
Re: [Full-disclosure] security industry software license
I never had a conversation with myself, its called *adding a bit more on*.
On Wed, Oct 15, 2008 at 10:44 PM, vulcanius [EMAIL PROTECTED] wrote: If you're going to continue having conversations with yourself I highly recommend switching to an IM client. It will provide you with more immediate gratification and the rest of us with peace and quiet and relevance. But whatever, I just remembered Gmail can filter, silly me. Goodbye n3td3v and good riddance.
On Wed, Oct 15, 2008 at 5:16 PM, n3td3v [EMAIL PROTECTED] wrote: metasploit http://metasploit.com/ should get a privacy policy though, if they want to be taken seriously by the kiddies...
On Wed, Oct 15, 2008 at 9:47 PM, n3td3v [EMAIL PROTECTED] wrote: i was joking i dont have an informant who told me that stuff, but i thought it was pretty funny anyway.
Re: [Full-disclosure] security industry software license
On Wed, Oct 15, 2008 at 10:28 PM, [EMAIL PROTECTED] wrote: On Wed, 15 Oct 2008 22:16:01 BST, n3td3v said: metasploit http://metasploit.com/ should get a privacy policy though, if they want to be taken seriously by the kiddies...
But *you* already seem to be taking it seriously. And I doubt that HD Moore cares whether the other kiddies take it seriously.
Oh he does care, he cares a lot, because otherwise I write stuff on FD about him and his *lack of privacy policy and sending ip addresses to department of homeland security* conspiracy theories to FD. He doesn't want that, so he is scrambling right now to write up a privacy policy. :)
Re: [Full-disclosure] security industry software license
he can't advertise his latest software as *evil deeds* without a privacy policy, it sounds a bit *entrapment*. i was surprised though when i went to the metasploit site, scanned the footer of all the pages on his site with my eyes, and saw no privacy statement/policy. i don't care if hd moore and the dhs are doing this i think its a good thing, but make the site more realistic for fucks sake. an *evil deeds* website and no privacy policy? c'mon, who are you trying to kid? oh yeah, the kiddies...
Re: [Full-disclosure] security industry software license
no privacy policy on metasploit web site = bad news for script kiddies. rejoice!
On Thu, Oct 16, 2008 at 12:43 AM, n3td3v [EMAIL PROTECTED] wrote: he can't advertise his latest software as *evil deeds* without a privacy policy, it sounds a bit *entrapment*. i was surprised though when i went to the metasploit site, scanned the footer of all the pages on his site with my eyes, and saw no privacy statement/policy. i don't care if hd moore and the dhs are doing this i think its a good thing, but make the site more realistic for fucks sake. an *evil deeds* website and no privacy policy? c'mon, who are you trying to kid? oh yeah, the kiddies...
Re: [Full-disclosure] security industry software license
Dude, do you ever just shut the fuck up? Even though the content of your emails is of null value, it must take time to write all this junk so I am thinking you must have some severe anxiety issues, agoraphobia or are just plain old demented to consistently write whatever bullshit comes into your mind a bunch of people who don't respect/listen to a single word that comes out of your mouth. Why did you pick a security mailing list to rant on? You have no real security skills and only post regurgitated information you read on a blog or news site somewhere. Anyway... I could really care less about your security skills but on a personal level you must be so weird and uncomfortable to deal with that no one in the real world wants to be friends or even deal with you... if they did you wouldn't spend so much on mailing lists trying to sound like you are somebody and know something we don't. I hope you choke on your anti-depressants and drown in your own vomit you fucking cunt.
On Thu, Oct 16, 2008 at 12:11 PM, n3td3v [EMAIL PROTECTED] wrote: oh now i'm being accused of being a script kiddie, what ever next? oh yeah, apparently im a criminal and a terrorist, and don't forget, im mentally ill. ROFL. keep the smear campaign coming...
On Thu, Oct 16, 2008 at 1:06 AM, Richard A Nelson [EMAIL PROTECTED] wrote: On Thu, 16 Oct 2008, n3td3v wrote: an *evil deeds* website and no privacy policy? c'mon, who are you trying to kid? oh yeah, the kiddies... And apparently, one of them has fallen prey - hook, line, and sinker You've been on about this for awhile now, please don't further flog the carcass -- Rick Nelson Life'll kill ya -- Warren Zevon Then you'll be dead -- Life'll kill ya
Re: [Full-disclosure] security industry software license
So take it up with him like a man and not on our inboxes...
On Tue, 14 Oct 2008 08:51:33 -0400 n3td3v [EMAIL PROTECTED] wrote: On Tue, Oct 14, 2008 at 1:28 PM, M. B. Jr. [EMAIL PROTECTED] wrote: And by the way, why insistently and specifically targeting Metasploit?
i don't like hd moore
Re: [Full-disclosure] security industry software license
Fiat licensure laws are invariably used (if not intended) to restrict new entrants in a profession. The idea is to benefit existing members in that profession (who are grandfathered into licensure by virtue of having worked in that profession for a duration) and to constrict, by law, labor competition with those who are already in that profession. In the short term, existing members benefit at the expense of the consumer of the products/services generated by members of the profession in question. In the longer term, it's possible that aggregate loss of competitiveness of the profession in question might cause alternatives to emerge and for the protected, licensed members to achieve sub-optimal economic results even among themselves. A non-identical (but related) legal construct, unions, is causing this aggregate loss in the American big 3 automobile manufacturers, as well as other economic factors. G
- - Original Message - From: Freeman Y. [EMAIL PROTECTED] To: n3td3v [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Sunday, October 12, 2008 10:07 PM Subject: Re: [Full-disclosure] security industry software license
This always has been, and still is, a stupid idea.
n3td3v wrote: It would be a good way for the government to leverage control of hackers and the people who use their tools though. Disclosure Scotland is already in operation, all you need is a new law to say everyone who uses security software must get a Disclosure Scotland background check first.
These security tools can be thought of as lock picks. Who uses them? Burglars, for sure. But so do locksmiths and people who are locked out of their homes. But is it possible to regulate these things? Really, a lock pick can be as simple as a bent paper clip that you make yourself, in the same way that even if you ban programs like Metasploit you can't stop somebody from writing their own.
I think the government will introduce the security industry software license scheme and change the law to support it. There is also an option where some tools wouldn't need a license, the government would grade different types of security software depending on their effectiveness and potential damage to infrastructure and computers. I think they won't, because they know the futility of fighting with 'advanced' computer users. If we really wanted those tools, we'd get them, license or not. You're talking about hackers here. Do you really think they can't obtain some software with a license on it? You put a license on Metasploit and it'll be on Pirate Bay or something within a few days. For instance, category A,B,C...A being metasploit, C being angry ip scanner (is angry ip scanner even classed as security software, thats something that needs to be discussed as well, what defines security software?). Thats a good point - what is 'security software'? Is a web browser considered one? After all, you could do many things with a browser, like search up vulnerable websites and pen test their web apps. Hackers may start to use the category of software as a scoreboard of how elite their software is, but who cares, its a reference for the scheme and for people who need to know which software needs a license and what type of license you need, and how deep a background check has been done on individuals who already have a license and are using software, or as an indicator to people who are about to apply for a license, how indepth the background check will be. By the way, is this a global thing? I'm not really sure, but if it is, how will this be organized? C would mean no background check needed, B would mean basic background check needed, with a basic security industry software license, and A would mean advanced background check needed, with an advanced software license type. So there would be two different licenses, basic and advanced, and C for no license required. 
Moreover, the category system can be setup by any of you, you don't need to wait for this scheme to be introduced, securityfocus, sans diary or other vendors could start categorizing software on what potential damage could be caused with security software if the bad guys were to use them for evil things.---we can get the category system setup as part of a separate project, even if the license scheme doesn't get the go-ahead, it would still be a useful thing for folks to do. Do you mean like, the level of difficulty it takes for somebody to use a tool to do something illegal? Or if its even possible with that tool? Can GCC be classified as a security tool, because technically you could use it to code any security tool in the world :) If anyone is bored and wants to compile a list of security software and categorise them all, then that would be really helpful, even if only for a pass time fun, not even for a serious reason or not part
Re: [Full-disclosure] security industry software license
On Tue, Oct 14, 2008 at 10:23 AM, Michael Simpson [EMAIL PROTECTED] wrote:
* I'm not a criminal
Just because you haven't been caught doing something illegal doesn't mean you are haven't engaged in illegal acts
mike thinks i carry out illegal acts
* I'm not mentally ill
BZZZT! Wrong Checkout your psychopathology in DSM-IV.
mike thinks im mentally ill
* I'm not a terrorist
Certainly not in the classic model but where does the when i get into MI5/MI6 i'm going to look you up and do you harm threats fit into that. Sure, you aren't making bombs in your basement/bedsit yet but it will only be a matter of time.
mike thinks im a gathering threat
* I'm not an elite hacker
Now that is true.
mike agrees im not an elite hacker
Now GTFO, stalker!
I presume GTFO is the new l33t thing to shout in your irc chan of choice. How very pre-teen of you.
mike thinks im trying to be elite
http://en.wikipedia.org/wiki/Narcissistic_personality_disorder At some point the crushing reality that you aren't very important, or clever or talented will force itself upon you. I suggest you seek professional help before you get to that point. mike
mike thinks im not very important and when i realise this ill have a mental breakdown
Re: [Full-disclosure] security industry software license
On 10/14/08, n3td3v [EMAIL PROTECTED] wrote: On Tue, Oct 14, 2008 at 10:23 AM, Michael Simpson [EMAIL PROTECTED] wrote:
* I'm not a criminal
Just because you haven't been caught doing something illegal doesn't mean you are haven't engaged in illegal acts
mike thinks i carry out illegal acts
do you have a problem with tenses?
snip I used to be his friend but now he fell out with me, so I want to tell everyone about him, because he's a yahoo employee i used to give intelligence to, but now he backstabbed me, and he miscalculated how much i knew about him and his circle of friends. and He obviously doesn't use his real name online a lot. Back when he wasn't into security, some people got to know him pretty well. You can happily ask him about the massive amounts of time he spent in Yahoo! Chat attempting to crack names to show off to his other Yahoo buddies. /snip
cracking yahoo names, by the person who says he has never done ethically or morally wrong?
* I'm not mentally ill
BZZZT! Wrong Checkout your psychopathology in DSM-IV.
mike thinks im mentally ill
snip They were just horrible people who don't really know me who have helped to ruin my life, my mental health hasn't been the same since I read accusations about me that I was a hacker and I'm doing something wrong. SecurityFocus, they never even emailed me for my side of the story, I went away to university and then realised an article and PDF file had been written about me, I couldn't cope with the pressure, so I had to drop out of university because of what was post about me, because I couldn't cope with the strain. Here I am now, picking up the pieces and unemployed with no university degree, until I can reapply when i'm feeling better after the stress. /snip
* I'm not a terrorist
mike thinks im a gathering threat
snip n3td3v is more than a name, we're fucking gangster. /snip
* I'm not an elite hacker
Now that is true.
mike agrees im not an elite hacker
Now GTFO, stalker!
I presume GTFO is the new l33t thing to shout in your irc chan of choice. How very pre-teen of you.
mike thinks im trying to be elite
yawn
http://en.wikipedia.org/wiki/Narcissistic_personality_disorder At some point the crushing reality that you aren't very important, or clever or talented will force itself upon you. I suggest you seek professional help before you get to that point. mike
mike thinks im not very important and when i realise this ill have a mental breakdown
snip Hey, don't laugh at him. He's like the Special kid in highschool that would try to sit at the cool table. Sure, some of the cool kids dogged on him but most just felt sorry for him and when they laughed they made it seem as though they were laughing with him. /snip
i was being polite but one of the best messages ever sent to you IMHO is this http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2008-05/msg00029.html mike
Re: [Full-disclosure] security industry software license
* I'm not a criminal
Just because you haven't been caught doing something illegal doesn't mean you are haven't engaged in illegal acts
* I'm not mentally ill
BZZZT! Wrong Checkout your psychopathology in DSM-IV.
* I'm not a terrorist
Certainly not in the classic model but where does the when i get into MI5/MI6 i'm going to look you up and do you harm threats fit into that. Sure, you aren't making bombs in your basement/bedsit yet but it will only be a matter of time.
* I'm not an elite hacker
Now that is true.
Now GTFO, stalker!
I presume GTFO is the new l33t thing to shout in your irc chan of choice. How very pre-teen of you.
http://en.wikipedia.org/wiki/Narcissistic_personality_disorder At some point the crushing reality that you aren't very important, or clever or talented will force itself upon you. I suggest you seek professional help before you get to that point. mike
Re: [Full-disclosure] security industry software license
On Tue, 14 Oct 2008 13:03:50 BST, n3td3v said: The FBI should investigate me as well, you can't have someone like me not investigated.
http://en.wikipedia.org/wiki/Narcissistic_personality_disorder
Re: [Full-disclosure] security industry software license
On Tue, Oct 14, 2008 at 1:28 PM, M. B. Jr. [EMAIL PROTECTED] wrote: And by the way, why insistently and specifically targeting Metasploit?
i don't like hd moore
Re: [Full-disclosure] security industry software license
Again, you're trying to solve an issue looking at the consequences, whereas your license scheme suggestion should lay on the causes; as I wrote before, focusing consequences in this case, brings along no easy solutions. And by the way, why insistently and specifically targeting Metasploit? That is a much broader issue. Best regards, On Mon, Oct 13, 2008 at 10:00 PM, n3td3v [EMAIL PROTECTED] wrote: The intelligence about who downloads metasploit is already there, but currently it is not actionable intelligence. The license scheme would start to make that intelligence actionable, without the scheme, you've got intelligence sitting there that can't be used in an actionable way. Its all about making intelligence that is already held actionable. You've got known cyber criminals and terrorists downloading metasploit, but no legislation in place where the good guys can benefit and the bad guys be lockered out. We got to get this situation sorted, the intelligence is there, but nothing actionable can be done with it. We've got to get this license scheme implemented sooner rather than later. n3td3v -- Marcio Barbado, Jr.
Re: [Full-disclosure] security industry software license
On Tue, Oct 14, 2008 at 3:16 AM, Paul Ferguson [EMAIL PROTECTED] wrote: For what it's worth, the FBI now does not need a reason to investigate anyone: http://centerforinvestigativereporting.org/blogpost/20081006broaderfbipower snowsetinstone Enjoy! - - ferg The FBI should investigate me as well, you can't have someone like me not investigated. Here is the form you need: http://www.ic3.gov/default.aspx n3td3v
Re: [Full-disclosure] security industry software license
On Tue, Oct 14, 2008 at 1:21 PM, Michael Simpson [EMAIL PROTECTED] wrote: On 10/14/08, n3td3v [EMAIL PROTECTED] wrote: On Tue, Oct 14, 2008 at 10:23 AM, Michael Simpson [EMAIL PROTECTED] wrote: * I'm not a criminal Just because you haven't been caught doing something illegal doesn't mean you haven't engaged in illegal acts mike thinks i carry out illegal acts do you have a problem with tenses? snip I used to be his friend but now he fell out with me, so I want to tell everyone about him, because he's a yahoo employee i used to give intelligence to, but now he backstabbed me, and he miscalculated how much i knew about him and his circle of friends. and He obviously doesn't use his real name online a lot. Back when he wasn't into security, some people got to know him pretty well. You can happily ask him about the massive amounts of time he spent in Yahoo! Chat attempting to crack names to show off to his other Yahoo buddies. /snip cracking yahoo names, by the person who says he has never done ethically or morally wrong? gawd, thats me caught damn!!! * I'm not mentally ill BZZZT! Wrong Check out your psychopathology in DSM-IV. mike thinks im mentally ill snip They were just horrible people who don't really know me who have helped to ruin my life, my mental health hasn't been the same since I read accusations about me that I was a hacker and I'm doing something wrong. damn, its conclusive now!!! SecurityFocus, they never even emailed me for my side of the story, I went away to university and then realised an article and PDF file had been written about me, I couldn't cope with the pressure, so I had to drop out of university because of what was posted about me, because I couldn't cope with the strain. Here I am now, picking up the pieces and unemployed with no university degree, until I can reapply when i'm feeling better after the stress. /snip oh fuck you're right mike. 
* I'm not a terrorist mike thinks im a gathering threat snip n3td3v is more than a name, we're fucking gangster. /snip true gangster! * I'm not an elite hacker Now that is true. mike agrees im not an elite hacker Now GTFO, stalker! I presume GTFO is the new l33t thing to shout in your irc chan of choice. How very pre-teen of you. mike thinks im trying to be elite yawn have some more coffee. http://en.wikipedia.org/wiki/Narcissistic_personality_disorder At some point the crushing reality that you aren't very important, or clever or talented will force itself upon you. I suggest you seek professional help before you get to that point. mike mike thinks im not very important and when i realise this ill have a mental breakdown snip Hey, don't laugh at him. He's like the Special kid in highschool that would try to sit at the cool table. Sure, some of the cool kids dogged on him but most just felt sorry for him and when they laughed they made it seem as though they were laughing with him. /snip i was being polite but one of the best messages ever sent to you IMHO is this http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2008-05/msg00029.html mike hahhahaha.
Re: [Full-disclosure] security industry software license
On Tue, Oct 14, 2008 at 3:07 PM, [EMAIL PROTECTED] wrote: On Tue, 14 Oct 2008 13:03:50 BST, n3td3v said: The FBI should investigate me as well, you can't have someone like me not investigated. http://en.wikipedia.org/wiki/Narcissistic_personality_disorder hahahaha
Re: [Full-disclosure] security industry software license
Mike, you're a good troll, now GTFO. n3td3v On Tue, Oct 14, 2008 at 10:23 AM, Michael Simpson [EMAIL PROTECTED] wrote: * I'm not a criminal Just because you haven't been caught doing something illegal doesn't mean you haven't engaged in illegal acts * I'm not mentally ill BZZZT! Wrong Check out your psychopathology in DSM-IV. * I'm not a terrorist Certainly not in the classic model but where does the when i get into MI5/MI6 i'm going to look you up and do you harm threats fit into that. Sure, you aren't making bombs in your basement/bedsit yet but it will only be a matter of time. * I'm not an elite hacker Now that is true. Now GTFO, stalker! I presume GTFO is the new l33t thing to shout in your irc chan of choice. How very pre-teen of you. http://en.wikipedia.org/wiki/Narcissistic_personality_disorder At some point the crushing reality that you aren't very important, or clever or talented will force itself upon you. I suggest you seek professional help before you get to that point. mike
Re: [Full-disclosure] security industry software license
metasploit doesn't do enough to stop the bad guys downloading it, in fact metasploit does nothing to stop the bad guys downloading it. half the reason is because they don't need to, there are no laws in place to say, *you need to do more*
Re: [Full-disclosure] security industry software license
On Wed, 15 Oct 2008 00:57:45 BST, n3td3v said: half the reason is because they don't need to, there are no laws in place to say, *you need to do more* Please explain the *full* cost-benefit analysis of passing such a law, taking into account the following: 1) The fact that the Internet is multinational (examine what the US required for ITAR export control on cryptography some years ago, what that export control was supposed to do, and what happened to it). 2) The fact that the bad guys is not a well-defined legal term. You need to either go with the convicted felons may not own handguns style, or only locksmiths are allowed to have lock picking tools style. Both are fraught with legal and technical hazards (How do you verify that the person really *is* a registered locksmith in Belgrade?) Estimate the cost per year of: a) governmental programs needed to implement this b) the costs to the companies to implement c) the *actual* cost of not implementing it (remember to allow for the fact that the bad guys will in all likelihood be able to purloin or otherwise obtain pirated copies *anyhow*). Why does society care about doing this? Or is it just that you can't figure out how to use it, so you don't want others to have access to it?
Re: [Full-disclosure] security industry software license
On 10/13/08, n3td3v [EMAIL PROTECTED] wrote: On Mon, Oct 13, 2008 at 2:58 AM, vulcanius [EMAIL PROTECTED] wrote: Do you honestly believe such a thing could ever happen or are you just speculating for no reason? No I wasn't on drugs when I wrote this email... but mike simpson my new stalker might speculate. you wish! you appear to be the one desperate to meet up if you want to meet up to sort out your issue, then arrange a date...im sick of you spear targeting me, fuck off. lol you wanna hurt me :-) not sure about the phallic connotations though especially as you seem so homophobic in some of your other replies Like said previously, im just a bedroom person, I have no power or ability to carry this ambition out, but there may be folks on the list who do, thats the kind of people im trying to influence right now. So while n3td3v has no power or ability, he still has a chance of being an influential figure, either now or in the future. http://en.wikipedia.org/wiki/Narcissistic_personality_disorder i had to get this http://www.disclosurescotland.co.uk/aboutds.htm to go on an ethical hacking security course, maybe we can use the same thing for the security industry software license? whoop-di-doo you don't have a criminal record *yet* i'm guessing that most of your l33t hacker mates don't have one either the big problem with the scottish criminal records office check is that it only show people that have been caught and successfully prosecuted i'm not even sure if the not proven verdict gets recorded there As various people have stated this idea is a non-starter. Move onto the next item of the infamous n3td3v agenda. Or go and get a job ffs In some countries people are ashamed of being unemployed and subsisting on state handouts. 
I don't mind supporting people that are attempting to move on in their lives or who are genuinely unwell, indeed i do it gladly but i have a problem with spending tax dollars on eejits that think the world owes them something because deep down they feel *so* important. mike
Re: [Full-disclosure] security industry software license
On Mon, Oct 13, 2008 at 11:00 AM, Michael Simpson [EMAIL PROTECTED] wrote: you appear to be the one desperate to meet up if you want to meet up to sort out your issue, then arrange a date...im sick of you spear targeting me, fuck off. lol you wanna hurt me :-) you would most likely just be followed home and profiled for the next 6 months, and everything about you put into the big searchable database...
Re: [Full-disclosure] security industry software license
Dear n3td3v, the dreamer, concerning your suggestion -- which is a noble one -- in a wider context, you'd better start with two things: * writing a whole new set of protocols to be used over a whole new independent backbone infrastructure; and * convincing the world to forget about TCP. Best regards, On Thu, Oct 9, 2008 at 10:31 PM, n3td3v [EMAIL PROTECTED] wrote: there should be a central license that people apply for to use software like metasploit. all the *respected* programmers would require the license before you get to download. anyone can apply for a licence, however only those who meet the criteria get given the licence. background checks are done on you to see you are who you say you are. that you're not a cyber criminal or terrorist, and that you're going to be using the software for the intentions of which the product was designed. verbal contracts never hold ground, saying, this software is for testing purposes isn't any guarantee that the bad guys won't use the software. we need a centralised security industry software license scheme so the good guys can take full advantage of the tools made by creators of security software, while shuttering the bad guys out. to rely on a verbal contract for security software as a safe guard is no longer enough for the security industry in light of metasploit and other borderline evil purpose software. its time that members of the industry work together to form such a scheme, to insure a streamline programme that all the good guys can be part of, only letting the good guys use the software for good purposes. -- Marcio Barbado, Jr.
Re: [Full-disclosure] security industry software license
Any OSI-based set, but without enforcing security-through-obscurity concepts. Maybe adapting some Bell-LaPadula ideas. There are lots of models to discuss about. The real question however is: can we start fresh? On Mon, Oct 13, 2008 at 1:57 PM, Buhrmaster, Gary [EMAIL PROTECTED] wrote: * writing a whole new set of protocols to be used over a whole new independent backbone infrastructure; and I suggest the OSI protocol stack, for the security-through-obscurity benefits. ASN.1, anybody? :) GOSIP anyone? I think the DMS was claimed to be more secure since it was based on OSI. -- Marcio Barbado, Jr.
Re: [Full-disclosure] security industry software license
On Mon, Oct 13, 2008 at 11:00 AM, Michael Simpson [EMAIL PROTECTED] wrote: On 10/13/08, n3td3v [EMAIL PROTECTED] wrote: On Mon, Oct 13, 2008 at 2:58 AM, vulcanius [EMAIL PROTECTED] wrote: Do you honestly believe such a thing could ever happen or are you just speculating for no reason? No I wasn't on drugs when I wrote this email... but mike simpson my new stalker might speculate. you wish! you appear to be the one desperate to meet up if you want to meet up to sort out your issue, then arrange a date...im sick of you spear targeting me, fuck off. lol you wanna hurt me :-) not sure about the phallic connotations though especially as you seem so homophobic in some of your other replies Like said previously, im just a bedroom person, I have no power or ability to carry this ambition out, but there may be folks on the list who do, thats the kind of people im trying to influence right now. So while n3td3v has no power or ability, he still has a chance of being an influential figure, either now or in the future. http://en.wikipedia.org/wiki/Narcissistic_personality_disorder i had to get this http://www.disclosurescotland.co.uk/aboutds.htm to go on an ethical hacking security course, maybe we can use the same thing for the security industry software license? whoop-di-doo you don't have a criminal record *yet* i'm guessing that most of your l33t hacker mates don't have one either the big problem with the scottish criminal records office check is that it only show people that have been caught and successfully prosecuted i'm not even sure if the not proven verdict gets recorded there As various people have stated this idea is a non-starter. Move onto the next item of the infamous n3td3v agenda. Or go and get a job ffs In some countries people are ashamed of being unemployed and subsisting on state handouts. 
I don't mind supporting people that are attempting to move on in their lives or who are genuinely unwell, indeed i do it gladly but i have a problem with spending tax dollars on eejits that think the world owes them something because deep down they feel *so* important. mike * I'm not a criminal * I'm not mentally ill * I'm not a terrorist * I'm not an elite hacker Now GTFO, stalker!
Re: [Full-disclosure] security industry software license
The intelligence about who downloads metasploit is already there, but currently it is not actionable intelligence. The license scheme would start to make that intelligence actionable, without the scheme, you've got intelligence sitting there that can't be used in an actionable way. Its all about making intelligence that is already held actionable. You've got known cyber criminals and terrorists downloading metasploit, but no legislation in place where the good guys can benefit and the bad guys be lockered out. We got to get this situation sorted, the intelligence is there, but nothing actionable can be done with it. We've got to get this license scheme implemented sooner rather than later. n3td3v
Re: [Full-disclosure] security industry software license
So are you talking about Actionable Intelligence? Why should the government be gathering any intelligence on me unless I am the target of an investigation? Maybe I should also have to register my I.D. to any device that I connect to the Internet. I bet that would provide lots of actionable intelligence. Your proposal does not solve any problems it only creates government bloat. If you restrict the use of these tools it complicates the ability for the 'good guys' to get them not the 'bad guys'. Sent from my iPhone On Oct 13, 2008, at 8:00 PM, n3td3v [EMAIL PROTECTED] wrote: The intelligence about who downloads metasploit is already there, but currently it is not actionable intelligence. The license scheme would start to make that intelligence actionable, without the scheme, you've got intelligence sitting there that can't be used in an actionable way. Its all about making intelligence that is already held actionable. You've got known cyber criminals and terrorists downloading metasploit, but no legislation in place where the good guys can benefit and the bad guys be lockered out. We got to get this situation sorted, the intelligence is there, but nothing actionable can be done with it. We've got to get this license scheme implemented sooner rather than later. n3td3v
Re: [Full-disclosure] security industry software license
On Mon, Oct 13, 2008 at 6:43 PM, rysheve [EMAIL PROTECTED] wrote: So are you talking about Actionable Intelligence? Why should the government be gathering any intelligence on me unless I am the target of an investigation? Maybe I should also have to register my I.D. to any device that I connect to the Internet. I bet that would provide lots of actionable intelligence. For what it's worth, the FBI now does not need a reason to investigate anyone: http://centerforinvestigativereporting.org/blogpost/20081006broaderfbipower snowsetinstone Enjoy! - - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] security industry software license
On Fri, 10 Oct 2008, n3td3v wrote: there should be a central license that people apply for to use software like metasploit. Oh, do not forget a central license to use a debugger and a central license to read a book. [1] Not to mention a central license to think. [1] http://www.gnu.org/philosophy/right-to-read.html -- Pavel Kankovsky aka Peak / Jeremiah 9:21\ For death is come up into our MS Windows(tm)... \ 21th century edition /
Re: [Full-disclosure] security industry software license
It would be a good way for the government to leverage control of hackers and the people who use their tools though. Disclosure Scotland is already in operation, all you need is a new law to say everyone who uses security software must get a Disclosure Scotland background check first. I think the government will introduce the security industry software license scheme and change the law to support it. There is also an option where some tools wouldn't need a license, the government would grade different types of security software depending on their effectiveness and potential damage to infrastructure and computers. For instance, category A,B,C...A being metasploit, C being angry ip scanner (is angry ip scanner even classed as security software, thats something that needs to be discussed as well, what defines security software?). Hackers may start to use the category of software as a scoreboard of how elite their software is, but who cares, its a reference for the scheme and for people who need to know which software needs a license and what type of license you need, and how deep a background check has been done on individuals who already have a license and are using software, or as an indicator to people who are about to apply for a license, how indepth the background check will be. C would mean no background check needed, B would mean basic background check needed, with a basic security industry software license, and A would mean advanced background check needed, with an advanced software license type. So there would be two different licenses, basic and advanced, and C for no license required. 
Moreover, the category system can be setup by any of you, you don't need to wait for this scheme to be introduced, securityfocus, sans diary or other vendors could start categorizing software on what potential damage could be caused with security software if the bad guys were to use them for evil things.---we can get the category system setup as part of a separate project, even if the license scheme doesn't get the go-ahead, it would still be a useful thing for folks to do. If anyone is bored and wants to compile a list of security software and categorise them all, then that would be really helpful, even if only for a pass time fun, not even for a serious reason or not part of the security industry software license scheme. You can still do it. It would be cool if you did it though and acknowledge the security industry software license scheme though. We talk about metasploit and the others being used for good things by good people, but why not ask the question What If the bad guys did use this software, what damage could be caused, and how far could they get? Could metasploit be used to carry out a fire sale, or just something small like finding a wireless access point thats not password protected. If software could be used in a fire sale, then it should be a category A software and require a full background check on every user who wants to use the software, just incase. Also, if you breach category A software licensing laws, you get a bigger punishment than if you were in breach of the licensing law using a category B software type. So the users know and the courts know the seriousness of the crime of not having a license, breaking the license agreement terms, and how stiff a sentence the person in breach should get. I have taken ideas from driving licensing and drug law categorization to come up with this email. So we can take ideas from current laws on driving and drug offences and put them into forming the security industry software license scheme. 
No I wasn't on drugs when I wrote this email... but mike simpson my new stalker might speculate. Thank you for your time, keep the ideas coming. n3td3v
Re: [Full-disclosure] security industry software license
The economics alone of such a set of laws is enough to realize how unrealistic it is. Not to mention the privacy concerns, international laws, enforcement, etc. In the perfect world of your imagination this might just work but in the real world it's an absolutely ridiculous idea. Do you honestly believe such a thing could ever happen or are you just speculating for no reason?
Re: [Full-disclosure] security industry software license
This always has been, and still is, a stupid idea. n3td3v wrote: It would be a good way for the government to leverage control of hackers and the people who use their tools though. Disclosure Scotland is already in operation, all you need is a new law to say everyone who uses security software must get a Disclosure Scotland background check first. These security tools can be thought of as lock picks. Who uses them? Burglars, for sure. But so do locksmiths and people who are locked out of their homes. But is it possible to regulate these things? Really, a lock pick can be as simple as a bent paper clip that you make yourself, in the same way that even if you ban programs like Metasploit you can't stop somebody from writing their own. I think the government will introduce the security industry software license scheme and change the law to support it. There is also an option where some tools wouldn't need a license, the government would grade different types of security software depending on their effectiveness and potential damage to infrastructure and computers. I think they won't, because they know the futility of fighting with 'advanced' computer users. If we really wanted those tools, we'd get them, license or not. You're talking about hackers here. Do you really think they can't obtain some software with a license on it? You put a license on Metasploit and it'll be on Pirate Bay or something within a few days. For instance, category A,B,C...A being metasploit, C being angry ip scanner (is angry ip scanner even classed as security software, thats something that needs to be discussed as well, what defines security software?). Thats a good point - what is 'security software'? Is a web browser considered one? After all, you could do many things with a browser, like search up vulnerable websites and pen test their web apps. 
Hackers may start to use the category of software as a scoreboard of how elite their software is, but who cares, its a reference for the scheme and for people who need to know which software needs a license and what type of license you need, and how deep a background check has been done on individuals who already have a license and are using software, or as an indicator to people who are about to apply for a license, how indepth the background check will be. By the way, is this a global thing? I'm not really sure, but if it is, how will this be organized? C would mean no background check needed, B would mean basic background check needed, with a basic security industry software license, and A would mean advanced background check needed, with an advanced software license type. So there would be two different licenses, basic and advanced, and C for no license required. Moreover, the category system can be setup by any of you, you don't need to wait for this scheme to be introduced, securityfocus, sans diary or other vendors could start categorizing software on what potential damage could be caused with security software if the bad guys were to use them for evil things.---we can get the category system setup as part of a separate project, even if the license scheme doesn't get the go-ahead, it would still be a useful thing for folks to do. Do you mean like, the level of difficulty it takes for somebody to use a tool to do something illegal? Or if its even possible with that tool? Can GCC be classified as a security tool, because technically you could use it to code any security tool in the world :) If anyone is bored and wants to compile a list of security software and categorise them all, then that would be really helpful, even if only for a pass time fun, not even for a serious reason or not part of the security industry software license scheme. You can still do it. 
It would be cool if you did it though and acknowledge the security industry software license scheme though. No, thanks. We talk about metasploit and the others being used for good things by good people, but why not ask the question What If the bad guys did use this software, what damage could be caused, and how far could they get? Could metasploit be used to carry out a fire sale, or just something small like finding a wireless access point thats not password protected. If software could be used in a fire sale, then it should be a category A software and require a full background check on every user who wants to use the software, just incase. Right and lets put baseball bats into a restricted weapons category, just incase (sic). Because of course, it _could_ be used to beat someone into a coma, thus requires a full background check etc etc etc. Also, if you breach category A software licensing laws, you get a bigger punishment than if you were in breach of the licensing law using a category B software type. So the users know and the courts know the seriousness of the crime of not having a license, breaking the license
Re: [Full-disclosure] security industry software license
On Mon, Oct 13, 2008 at 2:58 AM, vulcanius [EMAIL PROTECTED] wrote: Do you honestly believe such a thing could ever happen or are you just speculating for no reason? I believe the government might be considering such a scheme, although im just throwing the idea out there for people to comment on. I have no power, ability or will power to have anything to do with its implementation, im just trolling the idea around, maybe people who do have the will power will use my ideas to implement it. Like said previously, im just a bedroom person, I have no power or ability to carry this ambition out, but there may be folks on the list who do, thats the kind of people im trying to influence right now. So while n3td3v has no power or ability, he still has a chance of being an influential figure, either now or in the future. While I use the word trolling the idea around, that doesn't mean I don't believe in it and that im not serious about the principal of the idea. There are details that would need to be ironed out, things might be added or taken away, the category system might not be used, and there might only be a need for one license not two. Take care of yourself and each other. n3td3v
Re: [Full-disclosure] security industry software license
The only thing this would serve to do is cause cracked versions of tools such as Metasploit and other security scanners to be put up on sites like the pirate bay. Then, what about if somebody coded their own security tool? Would they have to have a license to use it? This whole idea goes against the idea of open source and free software. Sure, let the large corporate vulnerability scanners do whatever the hell they want with their software, but try telling an open source project that they have to close their source so that the bad guys can't get hold of their tools. A licensing system of this size would cost millions, if not billions to implement. This, along with the fact that it would be completely unenforceable when implemented makes it clear that you really haven't thought this through properly. It's like the government springing up and saying you must have a license to own a computer. Virtually every home in every MEDC has a computer already, that was bought before the licensing. There are no records of who owns a computer. Must the government go round to each home and search for a computer? If the owner hasn't got a license what do they do? Remove the computer? Sorry for this crappy metaphor, but it's something of a similar scale and it's all I could think of to represent the absurdity of the idea. On Fri, Oct 10, 2008 at 2:31 AM, n3td3v [EMAIL PROTECTED] wrote: there should be a central license that people apply for to use software like metasploit. all the *respected* programmers would require the license before you get to download. anyone can apply for a licence, however only those who meet the criteria get given the licence. background checks are done on you to see you are who you say you are. that you're not a cyber criminal or terrorist, and that you're going to be using the software for the intentions of which the product was designed.
verbal contracts never hold ground, saying, this software is for testing purposes isn't any guarantee that the bad guys won't use the software. we need a centralised security industry software license scheme so the good guys can take full advantage of the tools made by creators of security software, while shuttering the bad guys out. to rely on a verbal contract for security software as a safe guard is no longer enough for the security industry in light of metasploit and other borderline evil purpose software. its time that members of the industry work together to form such a scheme, to insure a streamline programme that all the good guys can be part of, only letting the good guys use the software for good purposes. -- Aaron Goulden
Re: [Full-disclosure] security industry software license
On Sat, Oct 11, 2008 at 9:47 AM, AaRoNg11 [EMAIL PROTECTED] wrote: A licensing system of this size would cost millions, if not billions to implement. What's a few million here, a few billion there in the name of national security? Money hasn't stopped the Department of Homeland Security implement far more stupider things in the past. No, I don't think money is the issue here, what the issue here is, is ironing out the details to make this whole thing workable and effective, and getting cross-government, cross-sector cooperation with rolling the scheme out and it be made an industry standard that everyone is agreed upon. That is the real challenge that faces us, not how much money its going to cost. We can talk about the money later, let's just get the proposal details worked out and put on the table first and see if its got a chance for any funding.
Re: [Full-disclosure] security industry software license
On Sat, Oct 11, 2008 at 12:47 PM, n3td3v [EMAIL PROTECTED] wrote: What's a few million here, a few billion there in the name of national security? Money hasn't stopped the Department of Homeland Security implement far more stupider things in the past. No, I don't think money is the issue here, what the issue here is, is ironing out the details to make this whole thing workable and effective, and getting cross-government, cross-sector cooperation with rolling the scheme out and it be made an industry standard that everyone is agreed upon. That is the real challenge that faces us, not how much money its going to cost. We can talk about the money later, let's just get the proposal details worked out and put on the table first and see if its got a chance for any funding. werent u just the 1 bitching about the government slating 30 million for security? but i guess its okay if it's _ur_ idea instead of congress's idea? it wont work, next rant.
Re: [Full-disclosure] security industry software license
I really don't understand how you even think this idea has any chance of succeeding. You obviously didn't read my response properly; not only did I address issues of money, but also the fact that it would be absolutely impossible to implement such a system due to existing infrastructures and lack of records. Please read the rest of my response properly. On Sat, Oct 11, 2008 at 5:47 PM, n3td3v [EMAIL PROTECTED] wrote: On Sat, Oct 11, 2008 at 9:47 AM, AaRoNg11 [EMAIL PROTECTED] wrote: A licensing system of this size would cost millions, if not billions to implement. What's a few million here, a few billion there in the name of national security? Money hasn't stopped the Department of Homeland Security implement far more stupider things in the past. No, I don't think money is the issue here, what the issue here is, is ironing out the details to make this whole thing workable and effective, and getting cross-government, cross-sector cooperation with rolling the scheme out and it be made an industry standard that everyone is agreed upon. That is the real challenge that faces us, not how much money its going to cost. We can talk about the money later, let's just get the proposal details worked out and put on the table first and see if its got a chance for any funding. -- Aaron Goulden
Re: [Full-disclosure] security industry software license
there should be a central license that people apply for to use software like metasploit. You don't want to go there. let's go there anyway, and if hd moore doesn't comply, we can just slap some sort of law on the license to make it against the law not to require that downloaders have the license. in other words a mandatory license that all security software programmers must request downloaders show before they can obtain the software. security software programmers not in compliance with the license, will be treated as a bad guy... and a felony will have been committed, where you have allowed your software to knowingly be available to cyber criminals and terrorists, and have gone against the interests of national security in which the license is trying to protect. let's get some uk/us government backing for this license... everyone who has successfully been given a security industry software license will have their details kept on a government database, and their license reviewed periodically of a time still to be set, n3td3v recommends licenses should expire every 2 years per user, or every time your job circumstances change, and after which time your details are reviewed to check out your circumstances that you're still eligible for a license. for those who the government decide are allowed to have a security industry software license, in some ways, this is *insurance* that you have applied for in your license, in that if anything bad happens during your use of *any* security software, you may lose your license for life, or have points taken away from you, limiting your chances of being allowed your security industry software license to be renewed. what does it mean not to have a license would pretty much mean the end of your security professional career, in that, you wouldn't be able to do the job, without the tools for the job which the government has not given you permission to use. 
* the programmer has to register to the scheme before he/she can make available security software. * the user must have a valid security industry software license before they can download and use the software. it's like a driving license for security software, now let's get this implemented real quick.
Re: [Full-disclosure] security industry software license
let's go there anyway, and if hd moore doesn't comply, we can just slap some sort of law on the license to make it against the law not to require that downloaders have the license. While we are at it, why don't we just impose government restrictions on all security related books and since a lot of the technical security issues can be found in computer science textbooks, lets impose a restriction on them as well. no, let's just keep it to security software. Criminals would still be just as capable of creating their own tools and using them. So let them, ... because they haven't registered with the scheme (which criminal programmers are unlikely to do, or want to do), they are easier to deal with under law, and so are the people using the software. I think if you did some research, which I know is a difficult thing for you to do, you'd find that the use of Metasploit contributes to a very minor percentage of crime. show me *your* research that proves that?
Re: [Full-disclosure] security industry software license
On 10/10/08, n3td3v [EMAIL PROTECTED] wrote: there should be a central license that people apply for to use software like metasploit. You don't want to go there. let's go there anyway, and if hd moore doesn't comply, we can just slap some sort of law on the license to make it against the law not to require that downloaders have the license. /snip stuff oh you're awake 1430 start today then not bad anyhoo Would this licence be from the same government that can't manage to work out that someone claiming for 36 new kids in 2 years isn't up to fraud? http://news.scotsman.com/aberdeen/Man-admits-child--benefit.4009052.jp Or is unable to enforce proper data protection from one of their preferred consultants? http://news.bbc.co.uk/1/hi/uk_politics/7575989.stm Or the same government that tells the scottish ambulance service that it is ok to send live data to yet another third party company by disc? http://news.bbc.co.uk/1/hi/scotland/7470006.stm Or which has lost 6 lappies in the last 12 months? snip Answered by John Swinney (Thursday, August 28, 2008): In relation to core Scottish Government (SG) directorates and close agencies using the SG network, six SG laptops have been lost during the last 12 months. Two of these were unused new machines lost in transit to their intended users by the courier company. /snip Or should the licence be handed out by the local authorities for each region after all they know all about due diligence? http://news.bbc.co.uk/1/hi/scotland/7662459.stm after all the whole icelandic banking system was based on one leveraged hedge fund which most financial people wouldn't have touched with a 60' pole That is just the uk/scottish gov. Why should HDM place any trust in governments to be able to decide who should or shouldn't have access to the software he produces? 
After all, your largest sec google group may qualify you to be granted this whitehat ticket that you are so keen on yet any half-hearted search of the archives would patently demonstrate that you are *way* too volatile be allowed axs to anything that could construed as harmful to other users of the intarweb. mike
Re: [Full-disclosure] security industry software license
let's go there anyway, and if hd moore doesn't comply, we can just slap some sort of law on the license to make it against the law not to require that downloaders have the license. While we are at it, why don't we just impose government restrictions on all security related books and since a lot of the technical security issues can be found in computer science textbooks, lets impose a restriction on them as well. In addition, anything that someone might be able to learn something illegal or dangerous from should be restricted. Why don't we just force all citizens to stay inside! That'll work well too and lower the crime rate. What you are talking about is taking away our freedom and our rights to free speech. This issue is very similar to gun control, this would only keep the good people honest and give the criminals more rights than law abiding citizens. Criminals would still be just as capable of creating their own tools and using them. So you are only making life more difficult for people who actually try to defend against these attacks. I think if you did some research, which I know is a difficult thing for you to do, you'd find that the use of Metasploit contributes to a very minor percentage of crime.
Re: [Full-disclosure] security industry software license
On Fri, Oct 10, 2008 at 3:39 PM, Michael Simpson [EMAIL PROTECTED] wrote: oh you're awake 1430 start today then not bad anyhoo you're showing signs of stalking and obsession over n3td3v, maybe its you who should get check out for mental instability, mr NHS mental health guru. you're probably in the next street waiting to see what time i leave the house. :) maybe you have pictures of me on your cell phone as well... hehehe.
Re: [Full-disclosure] security industry software license
Recall that government licenses historically serve mainly to limit the size of a field and enrich those who get licensed, and exclude a number of competent people. Personally I do not favor such measures...speaking for myself here. Glenn Everhart -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of n3td3v Sent: Friday, October 10, 2008 10:39 AM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] security industry software license let's go there anyway, and if hd moore doesn't comply, we can just slap some sort of law on the license to make it against the law not to require that downloaders have the license. While we are at it, why don't we just impose government restrictions on all security related books and since a lot of the technical security issues can be found in computer science textbooks, lets impose a restriction on them as well. no, let's just keep it to security software. Criminals would still be just as capable of creating their own tools and using them. So let them, ... because they haven't registered with the scheme (which criminal programmers are unlikely to do, or want to do), they are easier to deal with under law, and so are the people using the software. I think if you did some research, which I know is a difficult thing for you to do, you'd find that the use of Metasploit contributes to a very minor percentage of crime. show me *your* research that proves that?
Re: [Full-disclosure] security industry software license
On Fri, Oct 10, 2008 at 3:45 PM, [EMAIL PROTECTED] wrote: Recall that government licenses historically serve mainly to limit the size of a field and enrich those who get licensed, and exclude a number of competent people. Personally I do not favor such measures...speaking for myself here. Glenn Everhart i had to get this http://www.disclosurescotland.co.uk/aboutds.htm to go on an ethical hacking security course, maybe we can use the same thing for the security industry software license? side note to mike my new stalker: yep, don't worry mike, the government checked me out long ago :) http://www.disclosurescotland.co.uk/index.htm there is already vetting in place for certain security jobs and courses, so why not extend it to security software? afterall, part of the reason for the vetting for the security jobs and courses is because of the security tools they use? except the new license i propose, would be for everyone at home as well, not just folks in known about security jobs or on courses...
Re: [Full-disclosure] security industry software license
Do you really think that the bad guys wouldn't be able to obtain Metasploit if they really wanted to..? Come on, you're talking about hackers here. Anything and everything can be a weapon, in the wrong hands. A screwdriver can be lethal, but it is also used to turn screws. Better to make the security of the software out there better through pen-testing with Metasploit so everybody is safer. n3td3v wrote: there should be a central license that people apply for to use software like metasploit. all the *respected* programmers would require the license before you get to download. anyone can apply for a licence, however only those who meet the criteria get given the licence. background checks are done on you to see you are who you say you are. that you're not a cyber criminal or terrorist, and that you're going to be using the software for the intentions of which the product was designed. verbal contracts never hold ground, saying, this software is for testing purposes isn't any guarantee that the bad guys won't use the software. we need a centralised security industry software license scheme so the good guys can take full advantage of the tools made by creators of security software, while shuttering the bad guys out. to rely on a verbal contract for security software as a safe guard is no longer enough for the security industry in light of metasploit and other borderline evil purpose software. its time that members of the industry work together to form such a scheme, to insure a streamline programme that all the good guys can be part of, only letting the good guys use the software for good purposes.
[Full-disclosure] security industry software license
there should be a central license that people apply for to use software like metasploit. all the *respected* programmers would require the license before you get to download. anyone can apply for a licence, however only those who meet the criteria get given the licence. background checks are done on you to see you are who you say you are. that you're not a cyber criminal or terrorist, and that you're going to be using the software for the intentions of which the product was designed. verbal contracts never hold ground, saying, this software is for testing purposes isn't any guarantee that the bad guys won't use the software. we need a centralised security industry software license scheme so the good guys can take full advantage of the tools made by creators of security software, while shuttering the bad guys out. to rely on a verbal contract for security software as a safe guard is no longer enough for the security industry in light of metasploit and other borderline evil purpose software. its time that members of the industry work together to form such a scheme, to insure a streamline programme that all the good guys can be part of, only letting the good guys use the software for good purposes.
Re: [Full-disclosure] security industry software license
On Fri, 10 Oct 2008 02:31:06 BST, n3td3v said: there should be a central license that people apply for to use software like metasploit. You don't want to go there. They start requiring licenses to have Metasploit or Snort or Nessus, it's a slippery slope, and they'll start requiring a background check and a basic clue test before you're allowed to use an email client other than Outlook, gmail, or hotmail. And then where would you be?