james

By: a guest | Jul 14th, 2009 | Syntax: None | Size: 2.76 KB | Hits: 394 | Expires: Never
The purpose of this movement is to encourage a new policy of anti-disclosure
among the computer and network security communities. The goal is not to
ultimately discourage the publication of all security-related news and
developments, but rather, to stop the disclosure of all unknown or
non-public exploits and vulnerabilities. In essence, this would put a stop
to the publication of all private materials that could allow script kiddies
to compromise systems via unknown methods.

The open-source movement has been an invaluable tool in the computer world,
and we are all indebted to it. Open source is a wonderful concept which
should and will exist forever, as educational, scientific, and end-user
software should be free and available to everybody.

Exploits, on the other hand, do not fall into this broad category. Just like
munitions, which span from cryptographic algorithms to handguns to
missiles, and may not be spread without the control of export restrictions,
exploits should not be released to a mass public of millions of Internet
users. A digital holocaust occurs each time an exploit appears on Bugtraq,
and kids across the world download it and target unprepared system
administrators. Quite frankly, the integrity of systems worldwide will be
ensured to a much greater extent when exploits are kept private, and not
published.

A common misconception is that if groups or individuals keep exploits and
security secrets to themselves, they will become the dominators of the
"illegal scene", as countless insecure systems will be solely at their
mercy. This is far from the truth. Forums for information trade, such as
Bugtraq, Packetstorm, www.hack.co.za, and vuln-dev have done much more to
harm the underground and the net than they have done to help them.

What casual browsers of these sites and mailing lists fail to realize is
that some of the more prominent groups do not publish their findings
immediately, but only as a last resort in the case that their code is leaked
or has become obsolete. This is why production dates in header files often
precede release dates by a matter of months or even years.

Another false conclusion drawn in the same manner is that if these groups haven't
released anything in a matter of months, it must be because they haven't
found anything new. The regular reader must be made aware of these things.

We are not trying to discourage exploit development or source auditing. We
are merely trying to stop the results of these efforts from seeing the
light. Please join us if you would like to see a stop to the
commercialization, media, and general abuse of infosec.

Thank you.