Jump to content

Anti-Sec movement hacks Imageshack


SmoothCriminal

Recommended Posts

http://it.slashdot.org/story/09/07/11/1430...oups-Threatened

So I haven't posted here in a while, but I saw this and thought this was crazy and maybe some of you would share my thoughts. The group is stating that security and white hat hackers, like many of the people here, are a bad thing and hurting the community. That by using full disclosure of exploits they are making everything less secure. Simply put I think this is absurd. Sure script kiddies can get a hold of exploits and take advantage of them, but the whole point of full disclosure is so that the vendor can patch the issue and prevent bad things from happening. Without full disclosure developers would not learn of vulnerabilities in their products and then security would be truly bad. I personally hope these people end up going to jail from the work of white hat hackers at the FBI tracking and arresting them.

Thoughts?

Link to comment
Share on other sites

I'm all for full disclosure so long as the party it effects is at least informed or told about it before going public. If they don't fix it after a reasonable amount of time or do not repsond, then go public with it. I ended up doing this with MySpace, and even got ISC involved because myspace never responded to my claims. Eventually they patched the flaw, but was not for months until the problem was fixed. I still have a blog post on Myspace that was there before the flaw was patched, and the flaw still works on that one page, which in itself is still a problem, because even though they have filtered and sanitized future input, my post is already embedded into their system, and could still pose a threat if I were to change the script to add something else to it. That is one of the scary things about social networking sites, as they may have fixed certain problems from this day forward, but fail to update site wide any code that may have been posted to their database before the sanitation code was put in to filter it out.

Most security and white hat hackers are responsible with their disclosure of code, and 9 times out of 10 notify all parties involved before going public. Even if they didn't, someone who has ill intent to harm them would surely do so without disclosing it to anyone and by then, its too late.

Link to comment
Share on other sites

I just got the lolz reading that garbage "manifesto" they posted! :lol:

I read between the lines and this what I got out of it: "Full disclosure and whitehat hacking is bad because it makes systems too secure, too many script kiddies steal the headlines from us (the REEEAAAL h4x0rs), and it makes it too hard for us to set up spam botnets and sniff credit card numbers off people's eBay accounts. The world needs to return immediately to security via obscurity and closed source so we can keep blackhatting with less effort."

What a bunch of back-asswards, contradictory BS! We're protesting whitehatters' irresponsible and destructive practices..........by committing irresponsible and destructive acts... :lol::lol::lol:

Link to comment
Share on other sites

Wow how retarded.

It sounds like the black hats want to retain control. They're not truly in favor of better security. This is recockulous bullcrap.

I completely agree with what digip said, most white hackers that find these sorts of things will first notify the vendor that owns the software rights, report it to them and THEN disclose it. SO.. the vendor will have a patch out very soon (minus mc$ft, they like to wait) for IT people.

I can't and won't go on about this, because it's not worth getting pissed off against such an absurdity.

Link to comment
Share on other sites

I don't think its black hats as much as one group of retards who want attention and maybe fame for their groups name. They give all hackers a bad name, and only fuel the medias fanatical stories of hackers and their sploits. Real hackers don't go around doing this sort of stuff as a "movement" or organization. Criminals are usually the ones who organize such things for profit and group gain. I only see their movement causing the exact opposite of what they say they stand for. It will only further the security field and people who wish to learn about it. If anything, it will backfire on them and cause exactly what they wish to deter.

Link to comment
Share on other sites

You have to make a living some way. I don't believe in any kind of disclosure, but to each their own. I'd say the issue with "hacking" now is the amount of "pentesters" and "White Hats" which are little more than skiddies running things like nmap, core impact and other tools against any company that will give them a few dollars and calling themselves hackers.

I was talking to a group of people studying computer forensics a few weeks back and its shocking how little they know, they have no passion for the subject, its just the pay packet at the end they see. This has happened to the whole computer industry. Its a sea of mediocrity.

Link to comment
Share on other sites

I don't think its black hats as much as one group of retards who want attention and maybe fame for their groups name. They give all hackers a bad name, and only fuel the medias fanatical stories of hackers and their sploits.

Agreed! Like that ridiculous news story about the "dangerous hacker group Anonymous" when all they are are a bunch of 4chan dorks who grief on Habbo Hotel :lol:

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...