blackhat for life

December 18, 2005

hack3.txt

Filed under: PHC, whiteh8 — antisec @ 9:12 pm

Don’t be confused by the evil words of whitehats. They don’t really care about security, all they care about is money. They are hypocritical mercenaries that will do whatever suits _their_ interests. The common whitehat belief is that we should pity corporations and private entities for not having the knowledge to secure themselves, and as such should feel some sort of moral duty to use our knowledge and abilities to aid them in the protection of their assets. Make no mistake however, these companies care for nothing more than their bottom line. None of them really want to secure anything; all they want is a scapegoat, someone they can point the finger at when shit hits the fan and say, “It’s his fault Mr. CEO, that’s why our client databases got posted on a public hacker website.” Let’s examine the converse side of the situation: do you think for a second that senior level executives in companies who’ve managed to figure out the system to the extent where they can embezzle, swindle, and screw good people out of millions and millions of dollars totally unjustly (and yet entirely legally), would feel any sort of obligation whatsoever to use the knowledge that they had gained to facilitate those who did not have that knowledge in obtaining what it is they were after ($$$$)?

Why should I feel at all inclined to protect the assets of people who have more than likely obtained those assets by ‘morally’ unscrupulous actions? In all actuality, we have established that contrary to what prominent people in the business community will have you believe there is very little (if any) ethics involved in the business model of your average supercompany, (Worldcom, Enron, Tyco, etc.) which more often than not employs the “Let’s fuck them, before they fuck us” mentality. I challenge whitehats, any and all, to give me a single viable reason as to why I should feel compelled to help a bunch of self-interested, self-absorbed, financial barbarians protect assets they probably shouldn’t have in the first place. Why should I care if sl4ppyj4ck the script kiddie makes life miserable for a bunch of assholes trying to cash in on the inherent gullibility of the average schlep, who can’t find people skilled enough to secure their machines without subscribing to bugtraq? See, the whitehat community will also have you believe that we need to make the information superhighway safe for “Joe Q. Websurfer”, when in all practicality “Joe Q. Websurfer” is only going to be targeted by script kiddies, who would never have the means of causing him any grief if powerful exploit code wasn’t given to anyone with a compiler. If the information I’m providing to a person, for whatever reason, is being wasted or undervalued, why should I continue to give this person (or group of people e.g. SECURITY COMMUNITY) this information?

So we must ask ourselves the following question: Who is really benefitting from full disclosure practices, the companies that will most likely not even patch holes after they’re released, and even if they do remain vulnerable to countless number of “0day” bugs that will remain undisclosed? Or is it really the under-talented, overrated, glory seeking, self-proclaimed “Security Guru” provocateurs of anything that will increase their profit margins, and notoriety, at a rate directly proportional to the amount of security FUD that exists on public full disclosure mailing lists?

The message is simple:
STOP READING BUGTRAQ, STOP POSTING EXPLOITS, CLOSE YOUR FUCKING WEB BROWSER, START READING A BOOK, START LEARNING SOMETHING THAT WILL BE MORE SELF-FULFILLING THAN BEING A FUCKING LEECH THAT MAKES MONEY OFF OF THE TIME AND EFFORT OF PEOPLE SMARTER THAN YOU COULD EVER HOPE TO BE.

-Someone who’s sick of supporting an unrighteous cause.


7 Comments »

  1. What about organisations you support? While too many are silly corporations, surely you recognise the need for defense?

    What if a NGO doing good work wanted to solicit donations via a webpage? Why should they have to hire a security expert?

    Not everyone in the whitehat community serves corporate interests, and not everyone thinks they are the smartest. Building on the work of people smarter than you (actually building not copying) is how knowledge gets developed all over the place.

    Comment by Dominic White — December 20, 2005 @ 11:04 am

  2. “What about organisations you support? While too many are silly corporations, surely you recognise the need for defense?”

    The root of the ethical problems in the whitehat community comes with what they’re defending. What is it that defense really defends? Do we really want to be defending corporate empires that have been built on injustice, totalitarian countries that regularly topple democracies and slaughter the innocent, and barely legitimate enterprises with links to organized crime?

    “What if a NGO doing good work wanted to solicit donations via a webpage? Why should they have to hire a security expert?”

    They shouldn’t. As far as I’m concerned, forcing them to buy security “solutions” that fix problems that only exist because the security industry forces the disclosure of exploits is a form of extortion.

    “Not everyone in the whitehat community serves corporate interests”

    Disclosure of any sort to commercial entities is serving corporate interests. If your systems are insecure, fix the problem and don’t leak to any vendor that’s not a free software product.

    “Building on the work of people smarter than you (actually building not copying) is how knowledge gets developed all over the place.”

    It’s funny that the patent machine seems to reward the corporate oligarchy but not independent researchers. I spent many years developing exploits and exploitation techniques in good faith. Then I figured out that the entire intellectual property rights game is rigged and have been better off since. I want Chris Klaus and Al Huger to give a cut of all revenue to the people that made their business for them.

    Open your eyes and stop being a slave.

    Comment by antisec — December 20, 2005 @ 11:22 am

  3. dfdf

    Comment by jhonny — February 8, 2007 @ 8:12 pm

  4. Guys, I have a question for your philosophy of non-disclosure.

    Sure, I agree with you that all that the bastard corporations and banks care about is their shit bottom line. One detailed look at how loans and mortgages are structured and you see how they suck every last dime out of people all while wearing a pleasant little smile. Hey, I don’t mind if you (banks) suck people dry, but at least have the balls to be upfront about it.

    In the case you guys are championing though, I have hit a snag.

    Why don’t you guys promote delayed full-disclosure instead of non-disclosure?

    Find an exploit? Okay, get some industry/vendor/manufacturer guys together and get a patch done. Release the patch, and give people some time to patch their systems and then give a full disclosure of the exploit and vulnerabilities.

    I mean if the Network Admins don’t patch up their systems in time, hey it’s their own freaking fault. You were notified, you were given time and you are paid to do your job but yet you sit around not securing the very networks you’re paid to manage? Well, you deserve the attacks.

    Let’s all not be naive here, full-disclosure or no-disclosure, the information is going to leak out and spread through underground hacker networks, USENET, VPNs and all kinds of other non-visible links whether you like it or not. And if this information is not openly disclosed, the people out there are going to be ignorant about it and take no preventative steps to mitigate widespread disaster.

    So guys, tell me. Why not support delayed-full-disclosure?

    Comment by Regina — July 11, 2009 @ 12:25 pm

  5. “Find an exploit? Okay, get some industry/vendor/manufacturer guys together and get a patch done. Release the patch, and give people some time to patch their systems and then give a full disclosure of the exploit and vulnerabilities.”

    SHIT !!! full-bullshit u called out!
    that’s WhiteHat bastards’ way, u know!?
    stop junkin ’round!!! why blackhats should release their vulnerabilities for all!?
    so, security expert bitches are for just patching what we found ?? and earning lots of money! lol bullshit.
    did u heard ’bout security paradox?! no? but i heard, read Phrack 64 or 65.
    we find bugs, we exploit them, we hack them, then they’ll patch those bugz themselves, if they’re smart ! if no, go to hell. return 0;

    Comment by MFox — July 12, 2009 @ 4:42 am

  6. I can’t spend all day reading your rants. I will say this though, it seems you’re just an angry person because you were never rewarded adequately for your work. It’s not anyone else’s fault you can’t market yourself and gain a profit margin from security research.

    If you find the market place unfair or feel burnt because no one would buy your cool exploit you have a few options:
    1. Fuck off
    2. Make your own market
    3. Try again

    Comment by Monarch — July 13, 2009 @ 3:28 pm

  7. Good job guys you are our voice. that have only one option…. ! fuck them then they listen you 🙂

    Comment by syniack — August 7, 2009 @ 1:57 pm

