I think I'll fill my quarterly dailydave quota on this.
Several things. On terminology..I think the world would be a lot simpler
if people would stop trying to hang on to the 'hacker' moniker once they
work in infosec. The minute you start working in 'the industry' you're
something else. What that something else is I don't know. I'm perfectly
happy with the term 'sell out'...allthough that would imply I'd be able
to get spinner rims. Plural.
Point being..hackers hack. And by hack I mean they break into shit. If
you don't break into shit..you don't hack..and therefore you are not a
hacker. Spare me the 2600 inspired drivel. I've yet to meet anyone cool
who actually cares about the politics of hacking.
People who fork into hacker/cracker pseudo-philosophical bullshit are
usually crackpots to begin with. Spare me your techno fascism. There is
no golden unicorn...this is not a lifestyle.
Hack for fun, hack for spite, hack for money. Whatever. I neither
morally nor ethically give a proverbial flying fussball what anyone
does with their free time. Just don't be that guy that thinks he's something
special for being the walking equivelant of an architecture
reference.
For me exploit development does not equal hacking. Exploit development is
creative debugging. Exploits are just a single approach to a problem that has
a lot of different solutions. I'm not a hacker.. I'm a glorified QA
monkey..and I'm fine with that.
So do I think debugging software for a living relates to 'going against
hackers'? Not quite. I'm not really all that jonesy for the 'look at me
mom I'm an innerweb authoritay' fix.
I stare at debuggers all day long.
Whether it be my own or someone else's software..I don't really care. I
just like puzzling. If someone wants to pay me to do that..well hooray
for me I say. But I have no delusions about this work being scarily
similar to the QA work you do for any other company. The focus is just
shifted from fixing bugs to manipulating them.
Ever been to a QA con? I thought so.
Back on point.
Firefox bugs. Sure. Clientside is the new pink as they say. But what amazes
me is how anyone is surprised at any of this. True or false..it doesn't
really matter. History and common sense dictates that if you browse the
interweb with anything other than netcat, chances are you'll get owned at
some point in time. (And even then it depends on which netcat).
What I find more amusing is how the mozilla/firefox userbase seems to be
almost in sync with the average Mac OS X user. Utterly stunned that
firefox isn't the security valhalla they believed it to be.
Such a lonely day.
Bas
On Wed, Oct 04, 2006 at 12:10:54AM +0200, endrazine wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
> > What's next? Spammers working with anti-spam companies? :>
>
> Well, no offense Dave, but aren't you a hacker working against
> hackers yourself ? ;) This schyzophrenia is part of the the process
> of living from your security research, right ?
>
> Best regards,
>
> endrazine-
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFIt/uzX6JtL3KgRURAoMRAJ93wTou7+UQaY2WxS1MJWAnyxAGSwCgpOLA
> sdgXLLz+bs3YSJ+c6O5tASw=
> =JCQ9
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Dailydave mailing list
> Dailydave_at_lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave_at_lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- application/pgp-signature attachment: stored
Received on Oct 03 2006
Intro
