Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Date: Tue Oct 09 2007 - 21:45:09 CDT
-----BEGIN PGP SIGNED MESSAGE-----
You also missed an apostrophe in this post.
On Tue, 09 Oct 2007 22:06:47 -0400 Dude VanWinkle
>I didn't read that book you sent in response to an offhanded
>but I am impressed you learned about paragraphs!
>Now, lets focus on capital letters.
>-JP<who doesn't want to strain netdev with punctuation just yet,
>to mention logic and brevity>
>On 10/9/07, worried security <worriedsecuritygooglemail.com>
>> On 10/9/07, Steven Adair <stevensecurityzone.org> wrote:
>> > I think you guys are both mixing up CERT (cert.org) and US-
>> > ( us-cert.gov) -- both of which have very different functions.
>> > mentioned though, you probably wouldn't want to call either if
>> > Internet goes down.
>> > Steven
>> > They both suck though, and its not clear cut who is
>responsible for what.
>> The US-CERT vulnerability and incident report proceedure sends e-
>> both US-CERT and CERT.
>> Also it was the US-CERT bulletin alert e-mail which had
>certcert.org in it,
>> so those folks who are ment to be running an emergency response
>> get their shit together,
>> People want to know where to tell the government about
>something, and the
>> government should be approachable. lots of folks are scared to
>> government directly about shit, incase it draws attention to
>them and they
>> end up getting into trouble for something completely different.
>> I also believe the spying and undercover work that goes on on
>> for example is stupid, and befriending folks to get information
>> latest security news is wrong. If there were known government
>folks on the
>> irc channels and they were open about who they were, the
>> gather far more intelligence about hacks than being undercover.
>> Trust me, the government think they need to be undercover to get
>> intelligence, but the way I see it, the government would be
>> many folks come forward in a friendly way if they said, yes i
>work for cert
>> or the dhs, i'm a cyber security contact if anyone wants to talk
>to me about
>> anything. the government need to get this whole situation sorted
>> tricking and entrapping folks on irc and other places.
>> while i know in some investigation work undercover is the way to
>> is also a need for the government to be more open with the
>> community when lurking around the underground communities.
>> the government should have a "cyber security contact" in the
>> underground irc channels, not the whole big undercover operation
>> government currently run.
>> plus, i don't believe their keyword data mining uncovers
>> government should know, conversations on the internet by the bad
>> often crafted in a certain way, because they know they are being
>> now if the government had open points of contact for the
>underground to talk
>> to, who were friendly approachable people, then the government
>would do far
>> better in public relations with the computer security community
>than they do
>> at present.
>> i'm sick of the government as it currently stands, i'm sick of
>> government and their intelligence services thinking the only way
>to find out
>> about things is to be undercover and have sophisticated
>> collecting software.
>> trust me, if the government were just open with everyone
>everyone would be
>> the winner.
>> there are people that are happy to give vulnerabilities, zero-
>> intelligence to the government, and you want to know why?
>> everyone likes everyone, so its within the hackers agenda to
>> to the government which belong to their enemies, to cancel out
>> own agenda.
>> back in the day when i first began the whole hacking thing, i
>> my friends by telling yahoo security team what they were upto
>and give them
>> zero-day software, to get patched, this is so, their zero-day
>> out, but my stuff wasn't. so there are always reasons why the
>> community would approach the government if their was a friendly
>> representaitive in all the major public communties.
>> what i want the government to get away from is the impression
>people have of
>> them and thats "big bad government with dark security services
>> normal people in communities", and not just online communities,
>i mean in
>> real life as well, they have folks in towns and cities as well,
>> devious undercover general surveillance, but if the government
>> open with folks, things would be a lot easier.
>> while full-disclosure is close to being a point of contact to
>> things, there would be a lot more unearthed if their were human
>> contacts in the major public communities, because a mailing list
>> always the way people want to contact the government and an
>> form on a website isn't always suitable for the hacker either,
>> human interaction with the government over irc, and other forms
>of real time
>> stop the whole devious government thing, and get open points of
>> within communities. hackers don't want to use online e-mail
>> hackers want assurances that they won't become suspects
>themselves for being
>> informants to a human cyber security point of contact on mediums
>> internet relay chat.
>> so yeah, government, stop the whole hiding away in control
>> designing sophisticated software, if you actually get humans
>> communities to talk with the security communities over current
>> would gather the right kind of intelligence about people and
>hacks, which is
>> quality information, that doesn't need intelligence analysts to
>> heads for hours wondering, "is this a credible threat or is this
>> joking around".
>> the dhs and cert have got the whole public relations thing with
>> underground at present all wrong, you need folks like me with a
>> approach to everything, instead of ramping up a "war on terror"
>> be won. all wars begin and end in dialog, so take that into the
>> security arena and get some friendly nicknames around the
>> communities which are known by the good and bad guys... and you
>will rake in
>> the rewards.
>> at the moment there is no cyber terrorist threat out there, but
>> mean there always won't be, so its better to get into the
>> security communities in the early on years, so in 5 to 10 or 15
>> when cyber terrorism is a real threat then you'll know who
>everyone is in
>> the major public security communities and you'll have people
>> communities who are approaching you on a daily basis to update
>you on whats
>> going on in the security community.
>> money isn't needed. while in real life, with drug scene
>> want money to inform the government about folks, this isn't the
>> because its not as dangerous for a member of the public to be
>> collect intelligence on folks. what i'm suggestiing is i know
>many folks who
>> would give free intelligence for no money, just to cancel out
>> and just to generally be helpful because they are bored, than to
>> certain sum of money for a certain level of importance of
>> what i'm suggesting is these open points of contact i want setup
>> be there for folks to volenteer information on a free basis, and
>> starting to blackmail those point of contacts for cash would
>> ignored. whats needed is open human points of contact who are
>> on the basis of certain individuals coming forward to give free
>> intelligence, not to be a way for that individual to cash in, on
>> circles he is involved in or the zero-day software he has
>> to get back to the beginning, the whole contacting cert and dhs
>> wrong in relation to the cyber security community, your website
>> its not a friendly and approachable looking site for everyday
>> script kids and security professionals to use. the whole dhs/us-
>> badge/logo/graphics etc scare people away. if your site was less
>> serious government looking, then maybe folks would send you a
>> voluntary intelligence, but like i've already said, e-mail forms
>> attract the underground, get known nicknames into communities,
>its the only
>> way forward if you really want to get ontop of the whole cyber
>> scene, now in the early years before real threats start to
>gather as the
>> whole cyber terrorism threat is being ramped up for future
>> stop the whole we're the big bad serious dhs and cert and get
>> government sovereignty logos etc taken off sites which are
>supposed to be
>> designed for the underground contacting you. at the moment your
>> scary dhs and cert, it doesn't need to be that way. become
>> approachable, become open and honest in underground communities
>> undercover work and devious befriending for general surveillance
>> intelligence gathering. whats wrong, you can have both
>undercover folks and
>> have known cyber security contacts in underground communities,
>> to lose? absolutely nothing.
>> Full-Disclosure - We believe in it.
>> Hosted and sponsored by Secunia - http://secunia.com/
>Full-Disclosure - We believe in it.
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/