L0pht And The FBI 140
A reader recently submitted a story from The Reg concerning some questioning of l0pht ? , @stake ? , and the general business of security. The article itself is harsh, but raises some interesting points.
This discussion has been archived.
No new comments can be posted.
L0pht And The FBI
Related Links Top of the: day, week, month.
Beware the new TTY code!
Heres the entire thing if it *disapears* (sorry if (Score:1, Redundant)
Re:Heres the entire thing if it *disapears* (sorry (Score:1)
All you did was to waste space in the
Re:Heres the entire thing if it *disapears* (sorry (Score:1)
- HeXa
Re:Heres the entire thing if it *disapears* (sorry (Score:1)
Looks like someone has an axe to grind and this week it's none other than someone they know of!
Re:OMFG (Score:1)
Re:Looks like a giant penis measuring contest to m (Score:1)
The old saying (Score:2)
This article is basically one big troll (Score:3, Insightful)
A typical quote from this article
"There does indeed appear to be a circle jerk between commercialized blackhat sellouts and the Feds; and the cons do appear, perhaps inadvertently, to provide the venue and privacy needed for such liaisons."
There is no substance whatsoever for any of the wild claims this bloke is making. Leet-speak junk.
Re:This article is basically one big troll (Score:1)
http://theregister.co.uk/content/55/26202.html
It's from the same guy, who wrote that another article in The Register
What the fuck? (Score:1)
Oh wait... Do I have to say 'l33t huh?' to get my point across now.
Re: (Score:1)
Re:IF I EVER MEET YOU, I WILL KICK YOUR ASS!!!! (Score:2)
They seem to try to fight back (Score:4, Interesting)
And not doing a very good job at it...
Re:misquotin' the Flav, holmes (Score:2, Interesting)
Word on the Street... (Score:1, Funny)
Attaboy, Gweeds!
Hacking and Ethics are two different entities (Score:5, Insightful)
All the author of this article is doing is reposting a very important rant made by someone at H2K2. The substance of that rant is: the rewards a hacker or hacker group can receive for ratting out malicious hackers is strong, and it is more than likely that a high profile hacking group has done so at one time or another. We are all human.
Re:Hacking and Ethics are two different entities (Score:1)
Aren't we used to hear this kind of behaviour from the cracker scene? Or the warez trading scene? Or maybe even the video tape pirating scene (is this one still out there?)?
Sure, if the feds are holding you by the balls, you have to be a very strong person to not try to cooperate. Now, in this case they seemed to have cooperated voluntarily, i.e. for the money. Well, that's the world we live in. Everybody sells everybody out for a few bucks. Depressing, but we better get used to it.
I think the problem lies in (Score:5, Interesting)
Viruses (Score:4, Interesting)
Norton's makes a killing on viruses. It would not suprise me to find out that they write them too... or hire people that have written them.
As long as Microsoft can't make a secure system and corporations keep buying into their line of FUD and crap products, they create thousands of jobs that are nothing but leaches on the system.
The beauty of linux is you only have to pay your administrators to make your systems better, and not hire extras just to do disaster recovery.
One full time admin for every 50 windows machines just because of security holes and viruses compared to 1 admin for every 150 Mac/Linux/FreeBSD boxes.
Do the math: Windows initial price is higher, and upkeep is higher even if you have to pay twice as much to hire a good unix admin than you have to pay for a dime a dozen MCSE
Execs must get some great kickbacks from Microsoft.
Re:Viruses (Score:2)
Re:Viruses (Score:1)
And Windows? Microsoft only. End of story.
Re:Viruses (Score:5, Insightful)
Your security was compromised by Microsofts marketing for god's sake. Oh, I'm sure you had a firewall on port 1900/UDP and port 5000/UDP right?
The timing:
"On December 20, 2001, eEye Digital Security, the security firm that gave the Code Red worm its name, announced the discovery of "major security vulnerabilities"[1] in Microsoft's flagship operating system, Windows XP. Specifically, the vulnerabilities were discovered in Microsoft's Universal Plug and Play feature, which ships by default with XP. On that same day Microsoft released a patch [2] that resolved the issue; however, it was a dismal ending to a year that saw security flaws in Microsoft products announced in the press on a weekly basis [3] and exploited in hundreds of thousands of computers worldwide."
The vulnerability:
"When eEye announced the discovery of the UPNP vulnerability [9], they described three attack scenarios; a remotely exploitable buffer overflow, a Denial of Service attack and a Distributed Denial of Service attack. Of these three, the buffer overflow is by far the most serious. It could lead to a remote compromise of a machine, surrendering complete control of the machine (and possibly an entire network) to its attacker."
Microsoft knew about this hole on the launch date. The XP Cd had gone gold so they could not change it before it reached consumers. They waited until a third party discovered the hole and published before releasing the patch.
The disgust this decision generated caused such a backlash, Bill announced the "Trustworthy Computing" initiative.
There have been 7 exploits found since then.
There will be 7 more found before the end of this year.
Your Windows network is vulnerable no matter how good your admins (1 per 50 machines) are because only Microsoft can issue patches and they have proven to be criminally irresponsible where security is concerned.
Re:Viruses (Score:1)
hmmz...
Re:Viruses (Score:1)
Re:Viruses (Score:2)
I have never seen a legitimate business case for permitting "inside" hosts to have any direct UDP communication with "outside" hosts. Period.
Re:Viruses (Score:3, Interesting)
The liability it would open them up to is way too high for it to be worth it. They'd rather pass on hiring an otherwise perfect candidate than expose themselves to that sort of legal risk.
Now, that's not to say that some Norton employees haven't written a virus before, just that Norton doesn't know, and said employees are (wisely) keeping their traps shut.
Oh boy, talk about such utter self importance. (Score:3, Insightful)
Re:Oh boy, talk about such utter self importance. (Score:1)
If that were only true... (Score:4, Interesting)
Yes, they're fakes. But they're fakes with a good PR people, and they're good at scaring the shit out of those in power. Has anyone seen the kind of things they claim to be able to do? It's ridiculous.
Hard core computer guys? (Score:2)
Now appearring on l00t r@w (Score:1)
-a
Re:Now appearring on l00t r@w (Score:1)
- HeXa
Re:Now appearring on l00t r@w (Score:2)
Who cares ? (Score:1, Insightful)
Some people will now say: "ohn, p0rn has found the 3xpl017 for the buffer overflow at IIS 576.37376SGHAF 54678"
But sorry sonny, this is no skill.
In fact any kiddie with a debugger can create an buffer overflow exploit. If you analyze the "h4x0r" tool these groups publish, you'll soon notice that they are basically based at extremely low technological levels, usually stuff like brute-force password crackers (around since the 70ies) like l0phtcrack and bo-exploits etc.
Any CS undergrad with decent programming skills could do these things.
It's no surprise that the most famous "h4x0rs" got their fame from with breack-ins done by social engineering or at boxen with extremely low security.
For being a real security expert you need extremely broad scientific knowledge and not just a long list of memorized UNIX commands. And these dudes don't have this knowledge at all, e.g. I would be surprised if one of them knows the Riemannian Zeta function at all.
There is a good sign for a bad security company: if they start to hire h4x0r5, then they have no clue at all. And of course we don't need to discuss the issue of "security companies" founded by h4x0r5 at all.
Personally I not surprised of these claims that they sold out each other to the FEDs. These guys are a bunch of no clue wannabe experts with a pathological hang for gaining attention. Such people do such things.
Re:Who cares ? (Score:5, Interesting)
Re:Who cares ? (Score:2, Funny)
Look at this example:
"The Smirnov Metrization deal is going down at 8 Jordan Separation Theorms"
See? There is a hidden message here that no-one but the greatest security minds can crack. All others see this and go into a drooling daze as they're flooded with memories of high school algebra. Not only do they stop the attack, they will never try again for fear of visions of two trains traveling at different speeds...
Where's the Love!? (Score:1)
Re:Who cares ? (Score:1, Funny)
Re:Who cares ? (Score:1)
Ya, you got it on the spot. He's Mensa. What? Are you surprised?
Re:Who cares ? (Score:1)
Re:Who cares ? (Score:1)
Duh. (Score:1)
Seriously, encryption is my best guess, but it sounds like another one of those "that's what computers are for" deals. I could be wrong. Maybe. Not likely, but it is an infintesimal possibility.
Re:Who cares ? (Score:2)
Re:Who cares ? (Score:3, Insightful)
I would be thrilled to know how the Riemann (not Reimann) zeta function relates to being a real security expert. As far as I can see, this post was no different than the "1337er-than-U" pissing-contest that formed the majority of this article.
Re:Who cares ? (Score:1, Insightful)
The problem with 'real security experts" is that all they do is talk the talk. They publish page after page of policy and descriptions of various hypothetical problems. The hacker kiddies actually walk the walk. They may not have a fancy education, but they can make or break a machine.
The ideal mix is a "security expert" designing policy while several "hacker kiddies" implement it. The windbag security experts I've met would never take the time to make sure that all of the suid binaries on their servers don't have buffer overflows. (just one of a zillion examples)
As for mathematics: I've never heard of a Riemannian Zeta, but there is a RiemannZetafunction. This function is related to the prime number theorem. I guess this may be useful for working with public key cryptography -- I really dunno -- and it really doesn't matter!
It really boils down to this: when was the list time you discovered some property about network/system security and invented a unique solution?
I know several "hacker kiddies" , and even several hackers themselves, some being discussed in The Register's lame attempts at "News", who could compile an answer to the above question that would require volumes to fill.
Of course it a biologist or chemist did this, no one would be accusing them of being a sellout, or furthermore, a "kiddie"!
Re:Who cares ? (Score:5, Funny)
"Hey! You forgot the 'Riemannian Zeta function'", he noted.
Talk about a professional faus paux - that changed my entire ruleset. I knew then was the time to lock my screen and go get a coke from the break room. If I forgot such a mainstay to information security, I obviously needed a break.
The odd thing is that I was using the "Riemannian Zeta function" to harden a server that was going on the DMZ just that morning. And its also prominently featured in many of our infosec policies and best practices documentation - some of which I helped write. Hell - many arguments over infrastructure issues with the rest of the IT department has been solved by getting everyone in conference room and hashing out a zeta function on the whiteboard. I mean... sure, you still have a few dissenters. But its hard to maintain a rational stance in the face of pure mathmatics.
How is this a bad thing? (Score:2, Interesting)
The rush to publish and take credit for discovering and patching a new exploit hobbles the positive efforts of blackhats with a social conscience (though admittedly no one knows how big a category that is).
Exploits are getting disclosed (and patched) more rapidly. How is this a bad thing? Wasn't it just a week ago that Slashdot was running articles deriding Microsoft for attempting to prevent the dissemination of vulnerability info?
I must agree that the whole find-exploit-get-VC thing is nonsense, but the losers in that game are the investors, and I really don't care if they get screwed.
Re:How is this a bad thing? (Score:1)
Right now nothing is disclosed unless blackhats know of it.
Already a bunch of updates... (Score:3, Interesting)
Please slashdot keep up with the news flow.
P.S. this Mudge [go.com] guy seems to me a bit of a poser
journalistic objectivity? (Score:2)
At the beginning of the piece, he used the phrase "my boy Gweeds". Whether he explicitly said he believed Gweeds claims about l0pht and @stake is more or less irrelevant, since he didn't distance himself from Gweeds' claims at all in any of his articles. He should give up trying to pretend he's being objective, and admit that he's playing Devil's advocate, as he says it's healthy to.
Greene provides, in his articles, supporting evidence for claims that l0pht have "sold out". That pretty much makes it impossible for him to deny any responsibility for anything. Not that that's a bad thing: It's good when media people come up with stuff and stand behind it. If he's misinterpreted stuff, someone will say why and then we'll know what's really going on.
from the say-it-ain't-so dept. (Score:1)
Re:from the say-it-ain't-so dept. (Score:1)
Heck... would of been more informative if it was written in 1337 5p34k.
- HeXa
Why is this even newsworthy? (Score:1)
All that "ethics" bullshit is just underground PR for the ignorant folks who have no clue as to what real hacking is.
Article? (Score:2, Insightful)
good points (Score:5, Insightful)
As far as the specific finger pointing at specific people, I don't really care and there probably was both truth and falsehoods contained in them. I don't care about that part of it, the specifics. As far as the *general* tone, I tend to agree with it.
Hackers break into systems and networks despite whatever technical roadblocks and threatened legal roadblocks are in their way. On the other side is law enforcement, who imprisons them, and corporate security people who try to prevent breakins from a technical standpoint and who work with law enforcement. These two sides are in *conflict* and as laws become more draconian (the recent retroactive hacker laws, or the life imprisonment hacker laws in the US) and hysteria about "cyber-attacks" or whatever they're called on the news grows, this only sharpens the definitions between the two conflicting groups.
This notion that there is a kind of continuity, with "black hats", "grey hats" and "white hats" and law enforcement all blending into one another is ridiculous. For that part, anyone actively engaged in the type of law breaking that the government is interested in enforcing would be crazy to go to these cons, or being a known person in these circles.
The skilled hackers I have known usually had regular contact with a handful of people and never went to cons. And even many of them got busted. Don't forget TAP's [jammed.com] 3rd commandment of phreaking - "every 3rd phreak is an FBI agent".
There's a circle of people who always have, and always will, keep to themselves, get into systems and stay there unobtrusively, who are usually very good at programming, hacking, or social engineering. They seize the means of production, for a short time, from the bourgeoisie for themselves. Some of them don't even hack, they just look for buffer overflows, race conditions, or whatever the hell people look for nowadays, and pass them on to the people who do hack when they do find them. Security always exists so a small elite can hoard to themselves ownership and control of most of the pie, usually directly for, if not, as a side result of. For those like me who agree with Proudhon that "property is theft", what is obscene is not that some 16 year old wants to get into Monsanto's network, but what is obscene is Monsanto, it's profits which it expropriates from the surplus labor [att.net] time of it's workers, it's frankenfood, toxic dumping and poisoning of the environment, and the security apparatus it employs, from it's software and hardware security, to it's onstaff security, to the state security apparatus, that maintains and continues it's existence. Most of the computer community is repulsive to look at, but at least there's some hope.
Re:good points (Score:1, Flamebait)
Re:good points (Score:3, Insightful)
All I really want is to have a good life; To be able to eat, and to live comfortably, and do things I like. (It makes me happy to know that other people are also having good lives, which is why I dislike exploitation/sweatshops/crap like that). The easiest way to get stuff you want in Canada, where I live, is to make money. There's nothing intrinsically good about money itself. Systems very different from capitalism are possible, and people living under such systems probably still want to have a good life, but they may or may not want to make money, depending on the system.
Note that Western capitalism measures everything in dollar value. The state of the environment and public health have no value to a corporation, except when laws and liability translate actions into dollars taken away from the company. (Corporations are run by people, and some of those people do apply their moral values to things, but the system as a whole measures everything on the same scale: dollar value.)
Re:good points (Score:1)
Re:good points (Score:3)
Proundhon (sp?) was, I believe, an anarchist. The "property is theft" was only one of a series of statements. It goes (roughly):
Property is theft.
Property is impossible.
Property is liberty.
The assertion is that these are all true statements. If you understand them properly. They are embedded in a context that makes them intelligible (though I can't remember just how it goes). And once you understand them, they don't seem unreasonable at all, though I thought that they lacked a bit of being really convincing.
But when people quote "property is theft" out of context, it's almost guaranteed to be misunderstood. And your reply seems a fair piece of evidence that many people won't even know that they have misunderstood it. It wasn't intended as a slogan, so this isn't your fault, and it isn't the author's fault. But it does represent a severe mis-communication.
context Re:good points (Score:1)
http://dhm.best.vwh.net/archives/proudhon-prope
The quote is in Ch 1.
Did you have to link to everything2? (Score:1)
http://www.everything2.com/index.pl?node=oily&l
Turds Float (Score:2)
Sad to see even h4x0rZ can't avoid it.
Re:Turds Float (Score:1)
i think it's called the Peter Principle [about.com] and it hits every sector, regardless.
example given: Dilbert's Manager [dilbert.com]!
(except maybe HORECA -hotels,restaurants,cafés)
Almost (Score:2)
Re:Almost (Score:1)
Security (Score:3, Interesting)
It's not about protecting, it's about avoiding.
For example I can own a gun and kill somebody but I won't because I know that isn't right and that I appreciate things for the effort that has been put into them.
Making people understand the value of everything is our key initiative because blocking everything from happening is the worst way we can go and will block us from being free just as in comunism.
Honestly, all the security breaches and exploits have to be explained on the main page of any publication.
"The most beautiful thing we can experience is the mysterious. It is the source of all true art and science. He to whom this emotion is a stranger, who can no longer pause to wonder and stand rapt in awe, is as good as dead: his eyes are closed." Einstein
security sellouts (Score:3, Interesting)
Re:security sellouts (Score:4, Interesting)
It was at that moment that I knew L0pht had sold out. As punishment, I suggest officially taking the leetness out of their name: Loft.
Boys? (Score:2)
Wouldn't surprise me (Score:2)
Today I am embarassed to be a geek ... (Score:2, Interesting)
Today's hacking community largely, I say largely NOT completely, consists of people who have seen Hackers, Lawnmower Man, The Matrix, etc. or have read Snowcrash, The Long Run, or Neuromancer. These people suggest that there is some sort of romance to computing. That in some way it is "cool". I am offended by this! These were fun and interesting sorts of literature, but they are based on a the "Football Jock" and "Class President"'s view of computers, NOT reality.
Yeah I used to proud to be a geek, but now when I say that people think I'm trying to be cool and that MAKES ME SICK! It's too bad that what was once a community of people just interested in expanding their minds and that of others in figuring out problems and "sharing" the solutions with those that helped them has turned into a bunch of people who's only commonality is that they use a slang form of language that is designed purely to make them look "cool".
Yeah, I used to be proud to be a geek, but I'm afraid I'm just not "cool" enough to be one. I am truly sorry if this offends any of my "actual" peers, but I suppose I am just tired of being associated with this "new" breed of geeks. I just like the ordered world of 0 or 1. It WAS soooo peaceful there. Sad
Re:Today I am embarassed to be a geek ... (Score:1)
The simplest solution is be who you really are, don't fall into the "styles" make your own styles, be a rebel without a cause if needed. Your more likly to earn the respect of others if that's what your looking for. Otherwise, wait for the others to make a mistake, then kick them down.
Nothing hurts a punk or a "cool dude" or punk ass bitch that thinks they know it all, more then being kicked down by the guy who rarely says anything but knows more then most.
more complex than presented (Score:2, Interesting)
Yes, I know all of the l0pht guys, many others from @stake, and I know gweeds. I do not trust gweeds' motives in this supposed expose, he seems to have become obsessed with publicity, and destructive rhetoric seems to be the easiest way to achieve it ("fuck up the goons" at last year's defcon for instance).
I'd like to see the so-called documents that gweeds, greene, etc. have -- to ferret out the truth.
This was bound to happen... (Score:1)
Cmon guys, you seriously think these guys have integrity? Integrity takes too much work!
Reality Check (Score:1)
Date: Fri, 19 Jul 2002 11:00:44 -0500 (CDT)
From: InfoSec News
To: isn@attrition.org
Subject: Re: [ISN] 'Hacker' security biz built on FBI snitches
Message-ID:
x-url: http://www.c4i.org/isn.html
Forwarded from: Aj Effin Reznor
William/All. While these articles may be timely, they're highly inaccurate. Mr. Greene all but admits to publishing little more than rumour and crap with no fact checking or basis in reality.
I would hope that bile of this nature does not pollute what is perhaps one of the few non-corporate security mailing lists left today.
"InfoSec News was known to say....."
> On Monday I reported a speech by Gweeds at H2K2, in which the grand
> hypocrisy of hackers weaseling their way from the scene to the
> mainstream by forming security outfits was denounced very nicely. A
> torrent of e-mail denouncing him soon followed, some of which I've
> posted here.
Posted unattributed. Perhaps in the future showing the author of a given mail may make it worth a little more; carry more weight or legitmacy. It can be assumed that since things like "facts" can easily errode all of this series of articles, Mr. Greene may find it in his best interest to not actually mention where anything came from.
> Even I was attacked merely for reporting what he'd said. Suffice it
> to
Lest we go from reporting with integrity to tabloid journalism, reporting what someone said should be maybe replaced with fact checking. Reporting rumours is hardly newsworthy.
> He also named names in the speech, in particular ISS, L0pht/@Stake
> and Sir Dystic, three prime examples of energetic blackhat pimping
> for venture capital and cushy jobs, Gweeds believes. In particular,
> he
I don't see Sir Dystic having made a fortune off of Back Orifice, what may be his most well-known application to date. I see him behaving
rather responsibly to the newfound attention it garnered him. Were he writing for a techy-based news site, he'd probably also check for the
reality behind statements issued to him, unlike *some* people that come to mind.
> expressed a suspicion that L0pht/@Stake was somehow connected to
> NIPC (the National Infrastructure Protection Center), which may have
> helped the h4x0r glam rockers gain credibility and rise in profile
> among influential members of the federal bureaucracy. This
> connection also helped get Mudge a high-profile hacker-hysteria FUD
> session before Congress, he suspects.
Sure, he *suspects* it. Clever to just tag that on to the end. He may also *suspect* that aliens live under the White House and that Al Gore created the Internet. Suspicion of ideas does three things: Jack. Shit. Produce salivation in marginal journalists.
> On Monday, when I posted the first item in this series, I didn't
> know personally if the speech was punctiliously accurate, but it
> absolutely rang true to me. All too true.
It rang true? Then you believe the content regardless of accuracy? It only rang loudly, because someone who admits sociopathic tendcies
decided to stand in front of acrowded room and make alarming accusations.
Pop sensationalism is the fix, and Mr. Greene behaved like a junkie.
> Surely no one imagined that I wouldn't dig deeper into this
> deliciously nasty confluence of FUD, favors and venture capital
> flowing between the blackhat community and the Feds, with the cons
> serving as a handy, mediating conduit.
No, I'd fully imagine (and expect) that you wouldn't do a damn thing unless required to.
> And indeed, Gweeds appears to have hit on a number of dirty little
> secrets, though with a few minor inaccuracies, none of which is
> sufficient to undermine his basic thesis. There does indeed appear
> to be a circle jerk between commercialized blackhat sellouts and the
> Feds; and the cons do appear, perhaps inadvertently, to provide the
If Mr. Greene has not noticed yet, many companies, esp. those focusing on security, in particular computer/network/internet security, are
commonly contacted by the Feds for a variety of reasons. Can we expect l0pht to sellout into something as high-profile as @stake and NOT talk to Feds?
> venue and privacy needed for such liaisons. And finally, there does
> seem to be a significant amount of snitching for favors and 'trust'
> building going on between the two 'communities', a la the despised
> JP model.
Care to share? I haven't seen anything yet beyond suggestion and speculation.
> Flamboyant anti-establishment gestures and costumes do not a
> blackhat make. Your friendly neighborhood hacker turned young
> security businessman may well be looking to 'develop' your exploit,
> hack out a patch and pimp for proppies on BugTraq, and then rat you
> out to the Feds for gain and favor. This is how it works:
I'm not even sure what is attempted to be said here.
> Soon after I posted my report Monday, @Stake's Chris Wysopal (aka
> Weld Pond) vehemently denied any connection with NIPC to me in an
> e-mail exchange. He further insisted that I 'correct' the
> inaccuracies in Gweeds' statements. I explained that it wasn't
> proper for me to edit someone else's words, or even to express
> doubt, unless I believed or at least suspected that the statements
> were inaccurate. In this case I didn't.
Of course not! Stated earlier it "rang true" to you, and was everything you were looking for. When blindly following the cult leader, disciples rarely stop to check references along the way.
> "I am not going to write a 'point of view' piece that is parallel to
> an article that leads the reader to believe that patent falsehoods
> are true. Letters to the editor are much different than qualifying
> statements where they stand or issuing an errata," he replied.
> "[Several] statements by Gweeds are false. They were spoken by a man
> with an agenda. You have become his FUD platform."
>
> Me, a FUD platform -- right. There's a definite pot/kettle equation
> in play here, as we'll see.
No, not really. Weld has always been something of a straight shooter. I don't see Mr. Greene shooting straight here at all.
> And that is strictly correct, though not entirely true. NIPC is not
> where L0pht's Fed relationship was developed. But according to
> documents I've received, L0pht did have a relationship with FBI
> Special Agent Dan Romando, or 'dann0' as they called him, a Boston
> agent with a cybercrime-enforcement background. Our dann0 was an old
> friend of Mudge's from high school; and our dann0 had also been an
> intern in Senator Thompson's office before joining the FBI.
Shocking news, Mr. Greene. It's typical for Federal agents to approach workers in the security industry. Why? Typically, they know
more. They have a better feel for the pulse of what's really happening. We aren't shielded by layers of firewalls or on protected networks. Many of us are hanging out in the wind, taking hits, watching what happens.
It should be of little news *to anyone with a clue* that Feds and private sector rub elbows. Call it knowledge transfer, if you'd like,
but many of us in the private sector are happy to share conceptual knowledge with a goverment that really needs help. If our gov gets spanked, the whole nation gets spanked.
> If you want to know how L0pht got an invitation to testify "at the
> request of Senator Thompson," you'll find Agent Romando's hand all
> over that one. Ditto for Mudge's famous meeting with then-President
> Bill Clinton.
Any documentation to share this one, or is the shot in the dark?
> And why did dann0 Romando bother to help the L0pht cyber-ninjas gain
> national fame? Was it out of friendly loyalty?
It's been known to happen.
> I wish it were. I have evidence indicating that L0pht members served
> as confidential FBI informants and actively solicited dirt on fellow
> blackhats. I have evidence indicating that they've offered to pay
> cash for such information. And they name dann0 Romando specifically
> as their FBI handler. That's right, those anti-establishment
> pop-underground h4x0r heroes have at least attempted, probably with
> success, to rat out their friends and enemies in service of good
> relations with the FBI.
Put up or shut up.
> When a guy like Mudge addresses a gaggle of naive,
> technically-illiterate Congressmen, claiming to be able to break
> into any network on Earth, only a fool will imagine that the
> consequence will be anything other than more Draconian laws. That's
> how Congress
No, the claim was that they could take down the entire Internet. Even a gaggle of naive, technically-illiterate journalists could recognize the difference between compromising any machine or network and taking the Internet itself into non-existance.
I see that history, not facts and conjecture, but document history, cannot even be reflected properly by the funhouse mirror that is Mr.
Greene.
> And Wysopal calls me a FUD platform....
Hint: You are.
> 'Sploits for me, jail for you
The Sploits rock! Ever seen them play live?
> Since you really don't have any skillz worth mentioning, no
> background in computer science, no military cryptography training,
> you'll have to learn to talk the talk. Outrageous clothes and
> piercings (preferably from a nail gun), blue hair and bad skin
> freely exhibited at cons are a big plus here. Journalists love this
> kind of shit and will usually assign you a high, imaginary threat
> level. Teenagers will too.
Funny, sounds like you are describing Gweeds, your own pipeline to unfounded claims.
> Develop relationships with members of the real blackhat underground.
> Hit them up for kewl new 'sploits they're using. Maybe pay cash for
> them; maybe barter for them with other kewl 'sploits or illegal gear
> you're cobbling up in your basement, like pager monitoring devices,
> say.
Once upon a time pager monitoring devices were legal. Point is moot.
> "Russ Cooper, who publishes the NTBugtraq newsletter exposing
> security risks in Microsoft products, called the group "eight
> brilliant geniuses."
What, pray tell, has Mr. Greene himself done? Clearly ignorant to the field of Information Technology Security, we can safely establish that
he wouldn't recognize genius if he liberally skewered it. Also taking for granted the words of a virtual unknown (whom Mr. Greene himself is
"pimping" as a fount of knowledge) seems to be propagating the very cycle he is trying to establish as bad. Bad reporter, bad! No
exclusive for you!
> Go in front of Congress every chance you get: remind them of how
> scared they should be. Tell them that the Internet is about to be
If you aren't scared, you're either ignorant, or blind, or dumb, or... a journo. But I repeat myself. (Apologies to Mark Twain.)
To those of you that read this far...HI! Seriously, I don't enjoy ranting like this, people. But the sad truth is that, as with other
FUD, there are people out there believing it. Some, I'm sure, on this list.
-aj.
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.
Howard Stern (Score:1)
Here's where sellouts come from. . . (Score:4, Insightful)
When you are a kid, you have skills and powers and the fire in your gut. And Mom & Dad pay for more than half your stuff. You don't worry about how you'll take care of yourself. You don't care about owning property and about how you will take care of your family. --You don't have kids yet, and probably don't plan to. Money is interesting and sexy, but it's not vital. In fact, it's kind of funny. It seems so many people take it far too seriously. It's fun to mock.
And so you hack. Or paint. Or busk. Or drink and smoke, or whatever young people do with their time and their fire and the money Mom & Dad gave them. --Or the few bucks earned from some lousy retail job.
And life is pretty good for about five to ten years. Rough and kinky and friendly around the edges. You can live on beer and pizza and Playstation and hope for a good romance/fuck with that girl you like, and maybe get some D&D in on every second Tuesday, cuz, you know, everybody has so little time these days, now that college is over.
But then. . .
You get the first of your grey hairs. Your body starts to do funny things. The mad fire of enthusiasm starts to flicker and you realize that your river of power is really NOT going to last forever!
And worse, you realize that true love has an unexpected price tag; one which is somewhat higher than the cruddy IKEA furnished room-mate situation you lived in when you were 25. Wives and families need proper bedspreads and New Car Smell purring from the AC. --And it always kind of sucked, but now you find yourself thinking more and more that working the Blockbuster counter just isn't as cool in your late twenties as it was when you were sixteen. And fuck! You're going to be thirty next year!
So you start to get scared, but this time you can't put off finding a solution. It's getting late. So what skills do you have? What can you turn into a lot of cash? The gun-wielding asshole at the border or in the patrol car or wherever, isn't going to let you get away with your stupid young shit just because you flash that caught-in-the-headlights "but I'm just a student," look at them anymore. You need credit cards and a fucking haircut buddy, or you're no place.
Sure, it's selling out. Sure it is. Hell, you had about 10 whole years to find a proper solution! And hell, if you were smart and diligent, you could have come up with something which would have steered you to financial comfort and self-reliance without darkening your soul; without caving in to the siren call of corporate slavery. But if you are like the other 99% of the spent sperm out there which never even found the road map to the lovely egg, then you're fucked like everybody else. Youth is powerful and wonderful and intoxicating, but then it's gone, and that's the way of things. It's not even sad. It's just how it is.
And this is one of the places where FBI sell-outs come from.
The rest is just stupidity and grandstanding. Cuz, you know, kids, eh?.
-Fantastic Lad
(Sorry. I'm painting a very negative picture of life here. You can change any of the above at any time. Corporate slavery can be left behind and moral high ground reached very easily any time you choose. But tonight, I've got the techno-ambient MP3's playing and I'm in a bad mood, so this is what I wrote. The sun'll come out tomorrow. . .)
Serious evidence says Dogs are flying out your ass (Score:1)
All of which leaves you at about a Dumbass: -1