Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: n3td3v has a fan
From: "Garrett M. Groff" <groffg () gmgdesign com>
Date: Wed, 9 Apr 2008 13:30:06 -0400

Good point regarding English grammar. I would definitely dissent with 
someone who proved to be inordinately picky regarding sentence construction 
or style.

Still, good grammar and judicious use of writing style has its uses. Here 
are two: professionalism and persuasiveness (yes, they're not mutually 
exclusive). Bad writing leads to--fairly or otherwise--a lacking in 
credibility. It looks unprofessional and leaves you with a smaller audience 
of people who will take your points seriously (again, right or wrong). 
You're left only with people who know you or are willing to overlook the 
frequent grammatical and stylistic faux pas. By reducing your audience, you 
reduce the effectiveness of your writing, needlessly.

Persuasiveness (related to professionalism, of course) also suffers when 
writing style is poor. It's hard to be persuasive if the reader finds the 
points confusing due to sentence construction, style, or other reasons. And, 
as mentioned, one is less persuasive if readers find the writing style 
unprofessional.

Bottom line: if being professional and persuasive aren't important, then 
writing style and attention to grammatical detail aren't that important. 
Otherwise, they are very important. Depends on your audience, motivations, 
and ambitions.

- G


----- Original Message ----- 
From: "n3td3v" <xploitable () gmail com>
To: <full-disclosure () lists grok org uk>; "n3td3v" <n3td3v () googlegroups com>
Sent: Wednesday, April 09, 2008 12:49 PM
Subject: Re: [Full-disclosure] n3td3v has a fan


On Wed, Apr 9, 2008 at 8:06 AM,  <malix () hush com> wrote:
First, learn the proper use of the English language before choosing
to mouth off with it.

People think english and spelling matters, but its what you say that
counts not the way you say it.

This is a concept many have failed to grasp in recent times.

For instance, I went on Cnet News last night and told them about
offline machines:

Connected to the internet?: reader comment from n3td3v

Posted on: April 8, 2008, 8:10 PM PDT
Story: Breaking into a power station in 3 easy steps

Computers don't need to be connected to the internet to get infected
with the latest and greatest zero-day, someone, a rogue employee
downloads code from the internet or makes his own, then uploads it to
his memory key, then walks into power station, plugs it in with the
intent to infect and hey presto, your infrastructure gets compromised.
Valuable lesson: _ALL_ your computers need to be patched against the
latest zero-day threats, not just online ones BUT offline systems too.
Even computers which will NEVER have an internet connection _still_
need to be patched. The threat from rogue employees and the inside job
is far greater than an internet facing computer. Is anyone listening?
I've been repeating this for years, the internet isn't the threat, the
real number one threat to cyber security is the inside job. Got the
message yet? The national infrastructure terrorists want to attack is
*permanently offline* and the terrorists know this, but what they also
know is those offline systems are *permanently unpatched* because the
administrators think the bugs being released by security researchers
on-the-internet won't touch offline-machines, think again. The
terrorists aren't trying to hit your internet facing stuff, they are
far more interested in going after your offline machines, as these are
the most important ones. All the best, n3td3v.

http://www.news.com/5208-10784_3-0.html?forumID=2&threadID=36712&messageID=396611

[/snip]

Now it may look like the above isn't written correctly, but I think I
got my point across pretty well.
Weather the english, grammar, spell checker police take it seriously
is another matter. ;)

My online friend who worked in the US Navy for 6 years in cyber
security said I should have wrote it like this:

---------- Forwarded message ----------
From: Chris Mills <E-mail Removed>
Date: Wed, Apr 9, 2008 at 5:07 AM
Subject: Try this
To: xploitable () gmail com

Computers don't need to be connected to the internet to get infected
with the latest and greatest zero-day malware.

Insiders are one of the greatest threats to any enterprise: business
or government.

Consider This:
An employee with any amount of access can download code from the
internet or make his or her own. With a simple copy to his USB memory
key, he then walks into power station, plugs it in with the intent to
cause harm. An unpatched, offline system IS vulnerable.

Valuable lesson:
All your computer systems are vulnerable. They all need to be patched
against the latest threats, just as you would patch your internet
connected devices.
Even computers which will never  have an internet connection still
need to be patched. The threat from rogue employees and the inside job
is far greater than an internet facing computer. This has been seen
over and over in news articles and threat reports published by the top
security companies.
The national infrastructure terrorists want to attack is permanently
offline and the terrorists know this, but what they also know is those
offline systems are permanently unpatched because the administrators
think the bugs being released by security researchers on the internet
won't touch offline-machines. This is a dangerous assumption on the
part of security administrators. The terrorists aren't trying to hit
internet facing devices, they are far more interested in going after
offline machines which control far more important devices. This is
their gold mine.

All the best, n3td3v.

[/snip]

But I don't agree with him because its not got the same punch and passion.

Regards,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]