[Full-Disclosure] A different perspective

From: Euan Briggs (euan_briggs@btinternet.com)
Date: 11/22/02


From: euan_briggs@btinternet.com (Euan Briggs)
Date: Fri, 22 Nov 2002 11:17:57 -0500


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
 there is an interesting point which everyone seems to be overlooking
(perhaps because PHC were still in nappies at the time when the
hacker landscape was going through major changes..*grin*). This is
just my personal insight and comes with no warranty.

 Contrary to popular belief, the security industry is not responsible
for the "rot" in the underground hacker scene which PHC seem to have
an issue with. The decay began to set in as soon as the media
spotlight was focused on hacking. As the whole thing was being
glamourised, it caused things to start to open up to public eyes.
Hackers initially were driven by their desire for technical
understanding or the satisfaction of subverting the systems around
them (A lot of these people had interest in lockpicking or the
analogue cellphone network for example, not solely computer systems).
As a result of the media hype, it turned hacking into something
completely different. The media offered up its own idea of what
constitutes hacking and what motivates those who partake in it. It
became just another aquirable packaged lifestyle for teenagers
everywhere. Ego became the new motivation for this second generation
of media indoctrinated hackers. This is why, as some of you seem to
have forgotten, it was not the security industry which started the
idea of full disclosure. It was this second generation of
pseudo-blackhats which began the process. They were the ones who were
creating websites such as 'www.rootshell.com' which offered up
exploits and tools to all-comers. Heres the punch line -

 An interesting yet unintentional side-effect of the media hype, was
that it tricked the second generation blackhat community into
crippling itself. Their teenage desire for notoriety, fame, to
participate in something which was fast becoming the "in thing" led
them to expose all the underground secrets publically. Hacking was
dragged into the open, where it was vulnerable and ripe for
evisceration, it became nothing more than a dead carcass being torn
apart by the media, the second-generation blackhats, governments, and
good old capitolist exploitation.

It saddens me to see fresh-faced groups such as PHC ranting as if
they speak for the real blackhat community. It saddens me to see
people listening to them. Most of all, it saddens me that they attack
the security industry, which is largely doing an honourable and
socially responsible task. I don't deny that some industry players
are responsible for manipulation of the available information and
timing releases in order to maximise profit etc. But thats business,
it happens in every sector.

I think PHC is a sign that the security industry is making real
in-roads at making the internet more secure. I think they feel
cheated, that the lifestyle they bought into is coming to an end
because of the inevitable improvements in computer security.

What makes me smile, is that PHC and their peers helped bring about
their own downfall, and they are blissfully unaware of this fact :)

Euan Briggs

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPd5YskP0lBKBG8xoEQKT7gCg252Fz4j94V7vV7+n8d7dFUeBF8MAoOLc
9YqbYlbbJCIQf8IpFpfdCot1
=uvVo
-----END PGP SIGNATURE-----