Home page logo
/

isn logo Information Security News mailing list archives

[defaced-commentary] SecuritynewsPortal response to defacement
From: InfoSec News <isn () c4i org>
Date: Thu, 25 Oct 2001 03:38:49 -0500 (CDT)

[Additional info at: http://www.newsbytes.com/news/01/171478.html - WK]


---------- Forwarded message ----------
Date: Wed, 24 Oct 2001 08:28:42 -0600 (MDT)
From: security curmudgeon <jericho () attrition org>
To: defaced-commentary () attrition org
Subject: [defaced-commentary] SecuritynewsPortal response to defacement


[In the wake of the SecurityNewsPortal defacement, they have decided to
shut down. The following is currently posted on their website. - jericho]

--

The SecurityNewsPortal was defaced on October 23rd by parties unknown. 

The SecurityNewsPortal will be allowed to die this evening as a result of
this defacement. 

Permit me to explain this decision. 


The defacer was of the mistaken belief that the SecurityNewsPortal was a
commercial endeavor that somehow made money.

Regrettably, like many things stated by the defacer nothing could be
further from the truth. 

Let us just clear up the defacer's mistaken notion about money in and
money out.... 

Money In :
* SNP had no paid advertisers.  The one ad allowed on the site was for a
company based in Malta. For which there was no charge !
* SNP had no financial backing from security companies or security product
vendors
* SNP never received gifts of Angel money from mysterious backers.
* SNP never sold its members mailing list - in fact we never even sent our
members e-mail
* SNP never sold or allowed advertising on the free newsticker it allowed
2700+ other sites to use
* SNP never received a single dollar in advertising or any other form of
revenue from anyone
* SNP never received any government sponsorship or support - unlike other
security web sites
* SNP never received any financial support from any major Universities or
Colleges - unlike other security web sites
* SNP never even received a lousy coffee cup or baseball cap from some of
the companies that we supported and talked positively about
* SNP never even received a corporate logo pen or knapsack from some of
the companies that we talked negatively about - heheh Pitbull ehehehe

Money Out :
* The fee for the domain name registration was donated by Marq
* The fees for the web hosting of the SecurityNewsPortal were paid
directly from the personal pocket of Marq.
* The fees paid for the bandwidth to supply 2700+ other security and
hacking sites with a FREE constantly updated newsticker was paid for by
Marq
* The cost of labor provided to collect the news 18 hours per day, edit
it, comment it and add it to the site was done by Marq for free...nada...
not a penny of compensation....zilch...

Contrary to what the defacer thought, the SecurityNewsPortal was exactly
what it always said it was, a non-profit educational site that was
prepared to present the latest in hacking and security news. 

Hey... we proved that a one person web site operating on a beer budget
could compete with the big commercial web sites

We took great pleasure in the growth of the SecurityNewsPortal over the
past six months.  We succeeded on a shoestring budget and with only one
person to accomplish what the commercial web sites could only be envious
of. 

And we took pride in beating other security and hacking sites to the
latest news and presented in an honest and unfiltered way.  Obviously
someone did not like that fact.  But it was also obvious that a lot of
people did like the way we were presenting the breaking news....

Being defaced does not embarass us... they weren't our web servers to
control or secure

Since the SecurityNewsPortal was financed solely out of the pocket of Marq
we had to host our web site on a commercial web hosting service.  The
server that was defaced was theirs - not ours.  It was not something that
was within our grasp to control or secure.  So we feel no shame that ' our
' web server was defaced.  Like hundreds of thousands of ordinary Joes we
simply pay our annual hosting fees and we rented space and bandwidth.  We
could not afford to do otherwise.  So there is no victory in having
defaced us.  You defaced our web hosting company...  congratulations. 

Some of the best hackers in the scene deliberately chose to leave us
alone..  I guess they liked us

I might point out that we were very honored that many of the worlds best
hackers had deliberately chosen to leave our web site alone all these
months.  Many of them became regular visitors to our web site and often
provided us with tips about where to look for breaking news stories.  We
believe that they appreciated the service that the SecurityNewsPortal was
providing to everyone in the security and hacking scene. To those elite
hackers we extend our thanks. 

Would it have been wrong to actually have had an advertiser or sponsor to
cover our cost of operating ?  Nah... 

Yes, we would have loved to have been a commercial web site.  It would
have been lovely to have actually gotten paid to do something that we
actually enjoy.  But unfortunately the defacer does not have a firm grasp
on the current economic state of the security industry.  The security
product and services vendors are not flush with large surpluses of cash. 
Many of them have been laying off incredibly talented staff in order for
their companies to survive until the current economic situation recovers. 
These security product and service vendors are not out there supporting
the security web sites with large chunks of advertising dollars.  They
simply do not have the surplus cash to support SecurityNewsPortals or even
the commercial Security web sites.  A simple look at the lack of
advertisers on the other security web sites will make that quite clear...
there is no profit in running a security web site at this particular time. 

The decision... our time has come

Having said all this I hope that our regular viewership will understand
why I have chosen to let the SecurityNewsPortal die at the hands of this
one defacer.  He has broken the old code of honor that still exist among
some of the more senior members of the hacking world and in doing so he
has betrayed his fellow hackers and security professionals by interfering
with their ability to get to the news that we were posting for their
benefit. 

We are realistic enough to understand that there is no point rebuilding
this web site in order for the defacer to simply come back and damage it
again.  There can not be 100% security for a web site that is hosted on a
commercial hosting service.  Since we are not able to fully secure this
web site there is no reason to re-open the site for a return defacement.by
this person. 

So there it is in a nutshell.  And maybe our decision to just stop the
SecurityNewsPortal will serve several points.  Possibly our defacer will
realise that only a non-profit, volunteer, non-commercial web site could
simply shut down like we are about to.  If we were a commercial web site
we would be scrambling to get our site back online to ' keep making money
'. 

Sorry dude but you were seriously mistaken about us.  We are now
officially shutdown. 

In parting... a few words to the Security Industry in support of the other
security web sites that are on the Internet

Possibly some good can come of this defacement that will benefit the other
commercial and non-profit security web sites that are operating on the
Internet.  SecurityNewsPortal was a non-profit site and we were not
actively seeking advertisers.  Our operating cost were small and Marq
could afford them.  We ran this site because we enjoyed it. 

But there are a good number of other important security web sites on the
net that are being run by small one and two person operations.  These
security web sites are being run by devoted fanatics like ourselves who
put in long hours of work gathering or creating content that benefit
everyone.  And yet they fail to receive any financial support from the
security industry.  At what point will they lose their enthusiam and
simply question why they volunteer such long hours with nothing in return
for their efforts from their own industry ?. 

We have seen over the past nine months a number of top flight security web
sites fold, give up or change hands.  Attrition.org's Mirror, Packetstorm,
SecurityPortal, Technotronic, Hack.zaire.co, and many others. Even as I
write this final note there are a number of other excellent security sites
that are preparing to shut down their sites. Just today we were even
starting to get rumors that SecurityFocus was about to change ownership
and we were trying to get official or inside confirmation on those rumors
before we broke the story.  All these great sites could have used more
advertising or financial support from the security industry...  but it was
not there.

So it would be nice if our departure helped some of those other security
sites, whether they be commercial operations or volunteer staffed
non-profit sites. 

In closing

It was our pleasure over the past six months to have played a role in
helping to keep everyone informed about what was happening in the security
and hacking scene. We hope that our explanation for why we have chosen to
let the SecurityNewsPortal officially die is understandable.  We simply do
not have the financial backing or support to pay for our own web servers
that we could control and secure from attack. 

To the 2700+ security and hacking web sites that used our constantly
updated free newsticker we extend our apologies.  We are not going to be
able to continue providing that service.  We are sorry about this
inconvenience and we trust you will understand.

To all the chaps in the military who enjoyed coming to our web site ( yes
I noticed those .mil in our logs ) I extend to you my heartiest best
wishes.  Keep up the good work and the good fight. 

And I would like to extend my personal best wishes to the professional
journalist who supported our work here at SecurityNewsPortal.com over the
past six months. Your friendship, professionalism, tips on breaking news
stories and never calling in the copyright cops after us was most
appreciated !

Oh... and as for me... well I will certainly have more free time, be able
to sleep in the mornings and go to bed earlier at night, Hey, I might even
be able to spend a few extra dollars on myself for a change instead of
paying it to this web hosting service. 

Most importantly, best wishes to all our friends in the security and
hacking community.  I truly appreciated your support, help, advice and
friendship over these last six months. 

I have attached a copy of the defacement that replaced our web pages
below.  Although it claims to have been done by Kimble, I would ask that
you take that with a grain of salt...

Marq  

snpmarq () yahoo com

Old hackers never die... they simply fade into the shadows..


-
The information and commentary is Copyright 2001, by the individual author.
Permission is granted to quote, reprint or redistribute provided the text is not
altered, and the author and attrition.org is credited. The opinions expressed
in this mail are not necessarily the opinion of all Attrition staff members.

Commentary Archive: http://www.attrition.org/security/commentary/
The Attrition Mirror: http://www.attrition.org/mirror/attrition/
Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html

Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
Contacting Attrition Staff: staff () attrition org

To subscribe to Defaced Commentary, send mail to majordomo () attrition org
with "subscribe defaced-commentary" in the BODY of the mail (without
quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
the BODY of the mail.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.


  By Date           By Thread  

Current thread:
  • [defaced-commentary] SecuritynewsPortal response to defacement InfoSec News (Oct 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]