Printable View
Err, weren't CDC were being satirical in their comments about working with the FBI? :D
I have never held them in particulary high regard, especially after reading some of their earlier newsletters, all of which seemed to talk about bringing down society rather than computer security. :(
cDc did NOT join the FBI. There was a thread posted on this in the last couple of days. In that thread, I posted a link to the cDc file that said it was a joke.
A better example would have been l0pht/@stake. That is your hackers gone security if I have ever seen it.
There are quite a few "teams" out there right now that work on this. gobbles, snosoft, etc. Another good team would never hurt though....
That's what I was trying to say.......it was a joke, the CDC joining up with the FBI,please. I guess my flow of consciousness when writing that derailed..... I knew what I was saying.Quote:
Originally posted here by pwaring
Err, weren't CDC were being satirical in their comments about working with the FBI? :D
I have never held them in particulary high regard, especially after reading some of their earlier newsletters, all of which seemed to talk about bringing down society rather than computer security. :(
NetSyn- me too. Some of the stuff they publish is funny, but overall , eh....
I also never thought much of cdc (though the Centers for Disease Control, also a CDC, are good folks)....
As for the teams of hackers, why not get some skills and join the CERT or the NIPC (www.nipc.gov) or the DOD Security team (1101110101 has the web address, I don't)? They all pay well and its white hat work!
I agree, @stake certainly know what they are talking about (used to be l0pht heavy industries). They publish lots of extremely detailed security advisories, and you can still get a free, command line version of l0pht crack from their web site.Quote:
Originally posted here by souleman
A better example would have been l0pht/@stake. That is your hackers gone security if I have ever seen it.
okay, my bad. I haven't been to Cult of the Dead Cow, for a while. After reviewing that.. i totally regained my respect for them.
and my apologies to everyone =)
See I think ( and this is my own opinion so tell me to shut up if you want...) but forming the Security League of America or something like that is a bad idea...reasons being is becuase when you do things that tighten Information and the such then regulation becomes easier. Now for some people this is a good thing however I don't believe in it. More control and less information (prehaps I am paranoid). If you really want to do stuff like be in the know however be a white collar then I suggest as someone has before something like the following
NSA, FBI, CIA, DEA, and others for l0pht is was a good idea why not make leagal money doing what you love....however dont hold everyone else down to it. Also when things become tight as far as information access I forsee violent actions becoming of it (maybe too much Terminator?) Like I said this is my own opinion feel free to tell me to shut up.
Hey you told me to.
Seriously though I tend to agree with Cybermagellan (his opinion, tell him to shut up if you want to). Organizations go through stages. First they are a good idea, then they come together and become a team, then they organize to maintain order in that team, this organization starts to reduce the options of what that team can do, then they start responding to pressures from groups they interact with, finally they stagnate.
This does not mean that orgs should never be created or joined but it does mean that people that work outside the organizational structure are needed as well. It is interesting to me (I worked for the government for 9 years designing missiles before getting into computers, networking and security) that you all point to Government organizations. IMO Government organizations are created stagnant because they start off with so many rules. Yes the NSA, NDIS, and other organizations have a tremendous amount of talent available to them. However they are bound by the rules governing them. White hats out there plying their trade may not find holes into the tightest places (and they may) but they will certainly test more places and find out the vulnerability extents. I point out also that it wasn't any of these orgs that found the latest I.E. hole. It was a White Hat who promptly forwarded it to security web sites where other white hats tested it. Then it was the independent GNU browsers that were fixed first.
Micro Stagnant still is deciding if it is an issue.
I also think we, more than anyone else, need to maintain the mantra of the difference between Hackers and Crackers. Hackers = White Hats = Good. Crackers = Black Hats = (usually) Script Kiddies = Bad. The media need to make a distinction but if we don't maintain it ourselves how can we expect them to.
BTW, no I am not a Hacker, I am working to learn to be a hacker so I can be a more effective security officer. But, if a hacker cracked my system, called me up and said how and how to fix it, I would not report him. I might take credit for his work to my boss :D but I would not report him. I would thank him. Then I would check for all of the back doors I had ever read about and make sure all of my backups were up to date. Hey, I like them but security should never fully trust anyone.
Finally, one last point. We all know this, it is talked about and talked about but when Hacking and Cracking come up it is all but forgotten. My biggest security risk is not external hackers and crackers it is my companies own employees. Either them giving away information or becoming angry. To narrow it down even more my biggest risk is from middle to high management and my own beloved MIS department. The rules never apply to those who make them, or so it seems.
Actually if you were to go way back in time to the begining before the .net was a big thing the term 'HACKER' had nothing to do with security because security was a joke back then and everyone was to busy programing to even notice or care. It wasn't intil around the 80's when kids started breaking into things and thats also around the time when companies started to drag skilled programers into offices and hireing the to protect thier systems. Anyways....
"TO ME" a hacker is some1 who builds great things as a hobby but now the word is something that CNN uses to get rateings and many and other peaple who are more educated & know the difference between hacker & cracker see this term as someone who likes security sure I can see this as hacking but when I think of 'HACKER' I think of great inovations.