Hacker Defender Maker Defends Himself

Printable View

Show 40 post(s) from this thread on one page

December 21st, 2005, 01:00 AM
hesperus

Hacker Defender Maker Defends Himself

Quote:

People often ask me why I don't write security applications instead of rootkits. It is clear that I would have to prefer one of these applications, either rootkit or anti-rootkit. If it is rootkit, no one will use my anti-rootkit, so it would be a waste of time to implement anti-rootkit. If it is anti-rootkit, then again, no one will use the rootkit. I've decided for the rootkit way because it is more painful for so called security companies.

Keeping security companies honest by finding holes is one thing, developing software used specifically for taking control of people's computers is quite another. Pretty sad excuse.

http://www.emailbattles.com/archive/...aacejifdhf_ic/
December 21st, 2005, 01:30 AM
rapier57

Well, just give me five minutes alone with holy_father and he'll be livin' up to his nickname. 'Course, that assumes he doesn't just piss his Depends and melt in fear first.

I attended a recent security meeting and a Secret Service agent in charge of cyber crimes was our guest speaker. His experience is that 99 percent of these creeps are spineless wimps with no lives and no other socially redeeming qualities. He had photos. He walks into the house or apartment, and they pretty much are so scared they do everything he asks and just hand over everything. One dude actually burned the hacked data and kiddie porn to DVD for him while he waited, just 'cause he asked.

Yeah, he said that most cyber criminals are also addicted to kiddie porn, and that is almost always the second charge after the warrant search.

Nothing like what Hollywood portrays.
December 21st, 2005, 04:04 AM
mandraketux

It sounds like he tried using a loophole but made it abvious of what he was doing like hesperus was talking about.
December 21st, 2005, 04:15 AM
|3lack|ce

Ummm, hate to say it Hesperus, but the guy's right.

Consider for a moment, radar detectors.

The SAME PEOPLE who make the police radar units make the detectors for them. It's a 2 cycle demand for products - the cops spend millions to get a 'newer and badder' radar, then the public spends millions to get 'newer and badder defeater' radar detectors. Begin cycle, repeat forever.

Same goes with idiot stick. Is it unethical? Yes, but it makes him millions.

Hate to say it, but having megabucks means you no longer need ethics. We've encountered countless cases of that in history, and I'm ashamed to say it won't end.
December 21st, 2005, 04:40 AM
Tedob1

Quote:

People often ask me why I don't write security applications instead of rootkits. It is clear that I would have to prefer one of these applications, either rootkit or anti-rootkit. If it is rootkit, no one will use my anti-rootkit, so it would be a waste of time to implement anti-rootkit. If it is anti-rootkit, then again, no one will use the rootkit. I've decided for the rootkit way because it is more painful for so called security companies.

what i hear is...i can do good or i can do evil. duh! i think i'll do evil!
December 21st, 2005, 05:50 AM
hesperus

Quote:

Originally posted here by |3lack|ce
Ummm, hate to say it Hesperus, but the guy's right.

I know what he says about the cylce of updates is correct. But somehow he squares himself with forcing AV companies to play catch up rather than helping them stay one step ahead. Since it is people's privacy that hangs in the balance, his position is inexcusable. He sees it as a game, constantly inventing this rarified space of undetectibility, and excuses himself by saying he is bettering those who are trying to stop him. It is a sinister and detached kind of madness that is blinded to real consequences.
December 21st, 2005, 06:58 AM
HTRegz

Hey Hey,

I can see what both sides are saying... you have to look at a couple of things...

AV software has always been reactive... not proactive... Who's to say that if he was playing for their side that they'd bother trying to be proactive even then... It's not something those companies are famous for... They're always playing catch up and if they keep up their current methods they always will be.

He's releasing software that while it is dangerous... it is forcing AV vendors to push their software that extra bit of distances.... He's publically released the source code and the AV vendors still can't create software to find it... If he was doing this for them (creating the source code privately and providing it to them so they could create protection against)... do you really think they would??? No... because it's not affecting anyone..

It's sort of like the world of exploitation... When a new exploit is announced.. many vendors do nothing... it waits 2 weeks... 6 weeks... 6 months.. Then it's released publicly and suddenly the vendor does something..

This is an ongoing problem with computer security... it's mostly reactive... It's not an easy field to be proactive in.... or rather most people are too lazy to put the steps in place to be proactive..

I don't agree with what he's doing... but I can see how he would be pushing the AV companies to work harder and do more...

It's like playing poker.... Even if you know you're going to lose you bet anyways.. .just to keep the other player honest and see what he's holding.

Peace,
HT
December 21st, 2005, 07:13 AM
phishphreek

Quote:

He's releasing software that while it is dangerous... it is forcing AV vendors to push their software that extra bit of distances....

forcing AV vendors to push thier software and make it more costly for us to run our computers. Not only the cost of the software, but the ever increasing resources that the software requires.

now adays, you need antivirus, antitrojan, firewall, antispyware, antiidiot software.
and thats only on the client side. you also need server side, devices at the border, spam/virus filters on mail servers, etc.

Quote:

I don't agree with what he's doing... but I can see how he would be pushing the AV companies to work harder and do more...

It's like playing poker.... Even if you know you're going to lose you bet anyways.. .just to keep the other player honest and see what he's holding.

In the end... the consumers lose. They lose by either having to buy updated software or hardware to run the software, or risk paying to repair damage done by malware. We can't expect everyone out there to be "security experts"
December 21st, 2005, 07:36 AM
HTRegz

Quote:

Originally posted here by phishphreek80
forcing AV vendors to push thier software and make it more costly for us to run our computers. Not only the cost of the software, but the ever increasing resources that the software requires.

Don't forget a lot of the increased resource usage comes from sloppy and improper coding...

Quote:

now adays, you need antivirus, antitrojan, firewall, antispyware, antiidiot software.
and thats only on the client side. you also need server side, devices at the border, spam/virus filters on mail servers, etc.

Would you pick A) No Protection B) Reactive Protection or C) Proactive Protection...
I want C and the only way the AV companies will ever get here is if someone is pushing... they won't take the initiative to do it themselves.

Quote:

In the end... the consumers loose. They loose by either having to buy updated software or hardware to run the software, or risk paying to repair damage done by malware. We can't expect everyone out there to be "security experts"

We can't expect everyone to be a security expert... but we could expect them all to have a basic set of skills... We require it for Driving.... for Hunting... For Boating... Or they could pay to have the security set up... Yes the consumer loses (it's funny you put loose... a tic tac toe drinking game I bought actually had instructions that said "The Looser Drinks"... just read it a few hours ago)... but is it an awful loss? Compare it to the alternatives... AV is unheard of... suddenly someone releases something that fubars everything... Not good..

Like I said.. I don't agree with what he's doing... but I think something needs to be done to push these companies to move to a proactive approach.. Right now this is what's doing it...

It's like drinking and driving laws.... Enough people were killed and they finally put laws in place... more people died.. they became more proactive (ride programs etc)... It's sad but it takes something awful before people take that next step forward...

Peace,
HT
December 21st, 2005, 07:50 AM
zencoder

Quote:

Originally posted here by Tedob1
what i hear is...i can do good or i can do evil. duh! i think i'll do evil!

<Advocatus Diaboli>

Evil and good are irrelevant in this discussion. He is choosing a side between societal symbols of accepted mainstream norm and rejected subversive counterculture. Evil is probably better used as the White Hat perspective. Do you think that government hackers working against their nations' adversaries believe that they are Evil?

</Advocatus Diaboli>

I agree with the speaker at rapier57's meeting. This guy seems like a git who has no life, no social skills, and can only feel empowered by whatever "cred" he get's from the cracker community for writing l337 spl0i7s. I could be wrong. *smirk*

As for the kiddie porn, my experience is slightly different. When I was investigating accusations of criminal behavior in the Internet jurisdiction, most of what I dealt with was fraud and kiddie porn, not skiddies and crackers. However, many of the kiddie porn freaks fancied themselves "hackers" and bought into the whole counterculture...maybe as a justification for their childporn circle of associates, maybe because they figured they could learn to protect themselves from The Feds, who knows. But exploitation of children and 'rootkit skiddie circlejerk clubs' usually had many of the same ties.

<Off Topic>
I should copyright/trademark that, rootkit skiddie circlejerk clubs.

Ah, I crack myself up.

Show 40 post(s) from this thread on one page