Self preservation

[skiddieleet]

I think you should just ask your questions in public. If you get negged you get negged. If you get them answered you get them answered. If they just sit there with no replies or negs, at least you tried. I just had an assignment about exploiting various vulnerabilities, and I'd be happy to try and answer some questions regarding the subject.

[ech0]

Thanks for the input guys/gals. I come to the conclusion that it is possible as long as I get a presence on AO and prove that I'm not just some mindless kid looking for a way to 'p0wn' someone on the net and do it in a private place. I just want to stress that I do have the time and the means to do this and the integrity to 'keep it clean' and legal while I try. As I said in my original post that I will be doing most of the research from a number of sources like bsrf, neworder and a host of others. I will only be asking about specific topics where I don't understand the theory of an attack or need to discuss something a little more in depth. Basically questions more so then 'w4r3 d0 1 g37 ub3r 0d4y spl0its?!' I guess my main point here is that I agree with the ideas put out there by my fellow members and agree with most of the points out there. This venture will take me some time and by then I will have hopefully have wormed up to the community and will have gotten my name out there. P.s. HI! I'm ech0

[nihil]

Well ech0 either you are genuine or one hell of a social engineer, because I believe you..........and I am sure that there are several members here who will vouch for my tolerance and gullibility

Why?

1. You asked the question of propriety in the first place, and it was not your first post.

2. You politely awaited responses without diving in and trying to "defend" yourself.

3. Your "story" made sense and you did not change it.

4. You wrote in proper, articulate, English.

[hjack]

So what we are saying here is that we can have theoretical conversations here but actual dicussion of specifics of attacks or case studies aren't welcome?


Okay, lets not discuss what can be found here , here , or here which btw the way is the first 3 links on google for exploits .


Next arguement : But we aren't showing the how to use them which can be found here , orhere. All this can be found by searching compiling exploits.

But should we be the "devil's advocate" and contribute to this?


ummmm.....................hello!?

Results 1 - 10 of about 33,000,000 for hacking

I mean, come on people, this is a site for security discussions. That requires "discussions".

Most of the people who would abuse this information really don't have the base knowledge to apply it anyways.

Reality check man.


Ryan

[nihil]

Ryan old chap:

So what we are saying here is that we can have theoretical conversations here but actual dicussion of specifics of attacks or case studies aren't welcome?

My view is "absolutely not"..............that is why I was making the point about a$$ covering........you have just proved what I was saying by demonstrating that the information is already in the public domain? Surely it is right and proper that a security site would discuss such things?

My additional rider would be that there should be reference to mitigation/defence as well. That makes it pretty watertight, at least under UK law

[Egaladeist]

Hi nihil,

I agree that it's already available...

and I do not believe that not providing public access to this type of information would in any way prevent people from obtaining the information through other means...

and I agree that a security site such as this should touch all the bases...
and I agree with your assessment of ech0...

however...

I still think this can be approached responsibly...taking into account that some may use the information for malicious purposes...is it really that difficult to utilize the conference rooms for these matters...where these issues can be discussed at length without having to worry about prying eyes?

Eg

[catch]

The only people who neg for asking penetration testing/wargame questions are self-important wankers who haven't a clue themselves and just wish to play thought police. These same people tend to have little concept of what actual legal considerations exist.

If all you're looking for is packaged exploits for the latest vulnerabilities, you are at the wrong site. If you wish to have a conversation about methods and considerations then you'll find a few people here with worthwhile insight, but until you know who is who, take everything with a grain of salt.

Ask intelligent questions (gotta be smarter than Google) and you shouldn't have too much trouble.

Remember it is only illegal if you outline an illegal activity in your post.

"How could I go about subverting zone alarm?" Is a perfectly reasonable question.
"How do I compromise the message board on widgets.com?" Is not.

cheers,

catch

[nihil]

These same people tend to have little concept of what actual legal considerations exist.

Consider this: 12 morons good and true, a half of whom couldn't even find the I/O switch on a computer and a shower of shysters and their "Ankit Fadias" And you don't have the financial resources that the opposition do. "Do you feel lucky punk, well, do you?"

"How could I go about subverting zone alarm?" Is a perfectly reasonable question.

....................the hell it is!!!! that is exactly the scenario to avoid............asking information on how to attack A SPECIFIC COMMERCIAL PRODUCT? .........is what will get "the Man on yore sorry a$$".

Now, if you said "software firewall" or "does ZoneAlarm have specific design flaws or weaknesses" then you are on much safer ground, particularly with the former.............the reality of life is:

"name a product and expect to be sued"...............OK for people who make a living out of journalism and such ( it builds their self esteem if not their reputation), but not for most people on this site who have a day job, or hope to get one when they qualify. Sure you might get away with "the truth"..............I guess "public interest" would be shot to hell because of the context in which you revealed it? AO is NOT the Sans Organisation.

Laws vary from country to country...........even state to state?

But, each individual has the right to take their own decisions..............and answer for them

[catch]

Consider this: 12 morons good and true, a half of whom couldn't even find the I/O switch on a computer and a shower of shysters and their "Ankit Fadias" And you don't have the financial resources that the opposition do. "Do you feel lucky punk, well, do you?"

If the act isn't illegal in the first place... you'll neer see those 12 morons.

the hell it is!!!! that is exactly the scenario to avoid............asking information on how to attack A SPECIFIC COMMERCIAL PRODUCT? .........is what will get "the Man on yore sorry a$$".

If "the man" is stupid... attacks against a specific commercial product are not illegal... only attacks against specific organizations.

"name a product and expect to be sued"

You'd think so... except every software product has some version of this phrase in their EULA:
"This software may contain bugs and is provided as is."
This removes some of their liabilty if the software fails, and it removes all of your liability in saying th software sucks or designing techniques to subvert the software.

It goes both ways.

cheers,

catch

[hjack]

I don't think nihil was referring to criminal legalities catch. More of a civil thing.

Nihil seems to agree with us in the moral/ethical arena. Its the responsibility (legal ramifications wise ie civil suit) that his concern seems to lie in. As for that, unless a Mod or someone from Jup Media steps in and condones a certain thread or mentality then I say there is no problem with it. No one here would be held responsible.


Ryan