
Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired

Date: Wed, 27 Jul 2005 18:57:18 +0300
On Tue, Jul 26, 2005 at 09:56:45PM -0500, J.A. Terranson wrote:

> The so called "Zero Day Initiative" is aimed at ensuring the 'responsible'
> disclosure of security flaws in order to make technology more secure for

this is how i interpret "responsible" - you give them the 0day and give up
your constitutional right of "free speech". they give you a few bucks.
very close to the american dream.
then they get richer and "you grow older and they grow colder and nothing 
is very much fun anymore" [1].
the movie "corporation" explains it to some extent.

> all users. The goal is to proactively protect businesses against newly
> discovered vulnerabilities.


the goal is money, this is the PR version for the users naive enough to vote
for idiots.

> 3Com will notify affected vendors of security flaws so they can
> immediately begin working on a solution, most often in the form of a

secondary market of bought 0days?

> The company stressed it would share vulnerability details freely with
> other security vendors prior to public disclosure.


hope they don't forget to carbon copy me with the 0days different from CSS.

> Zero day disclosure occurs when the discoverer of the vulnerability
> discloses the flaw to the public without notifying the vendor, putting
> businesses at risk from the time of disclosure until the affected vendor
> issues a patch. It can take vendors weeks or months to supply a patch.


it is legal where i live.

> division, said: "This program will extend our research organization even
> further, and enable us to tap some of the most brilliant minds in the
> global security research community."


i believe they will not "tap some of the most brilliant minds".
when one reaches a certain level of expertise and/or experience, the chances
that he is a money whore are low imho.


[1] paraphrased Pink Floyd, "One of my turns"

-- 
where do you want bill gates to go today?
 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/