Dailydave mailing list archives



Re: Firefox bugs [iRant]

I think I'll fill my quarterly dailydave quota on this. Several things. On terminology..I think the world would be a lot simpler if people would stop trying to hang on to the 'hacker' moniker once they work in infosec. The minute you start working in 'the industry' you're something else. What that something else is I don't know. I'm perfectly happy with the term 'sell out'...allthough that would imply I'd be able to get spinner rims. Plural. Point being..hackers hack. And by hack I mean they break into shit. If you don't break into shit..you don't hack..and therefore you are not a hacker. Spare me the 2600 inspired drivel. I've yet to meet anyone cool who actually cares about the politics of hacking. People who fork into hacker/cracker pseudo-philosophical bullshit are usually crackpots to begin with. Spare me your techno fascism. There is no golden unicorn...this is not a lifestyle. Hack for fun, hack for spite, hack for money. Whatever. I neither morally nor ethically give a proverbial flying fussball what anyone does with their free time. Just don't be that guy that thinks he's something special for being the walking equivelant of an architecture reference. For me exploit development does not equal hacking. Exploit development is creative debugging. Exploits are just a single approach to a problem that has a lot of different solutions. I'm not a hacker.. I'm a glorified QA monkey..and I'm fine with that. So do I think debugging software for a living relates to 'going against hackers'? Not quite. I'm not really all that jonesy for the 'look at me mom I'm an innerweb authoritay' fix. I stare at debuggers all day long. Whether it be my own or someone else's software..I don't really care. I just like puzzling. If someone wants to pay me to do that..well hooray for me I say. But I have no delusions about this work being scarily similar to the QA work you do for any other company. The focus is just shifted from fixing bugs to manipulating them. Ever been to a QA con? I thought so. Back on point. Firefox bugs. Sure. Clientside is the new pink as they say. But what amazes me is how anyone is surprised at any of this. True or false..it doesn't really matter. History and common sense dictates that if you browse the interweb with anything other than netcat, chances are you'll get owned at some point in time. (And even then it depends on which netcat). What I find more amusing is how the mozilla/firefox userbase seems to be almost in sync with the average Mac OS X user. Utterly stunned that firefox isn't the security valhalla they believed it to be. Such a lonely day. Bas On Wed, Oct 04, 2006 at 12:10:54AM +0200, endrazine wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, What's next? Spammers working with anti-spam companies? :> Well, no offense Dave, but aren't you a hacker working against hackers yourself ? ;) This schyzophrenia is part of the the process of living from your security research, right ? Best regards, endrazine- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFIt/uzX6JtL3KgRURAoMRAJ93wTou7+UQaY2WxS1MJWAnyxAGSwCgpOLA sdgXLLz+bs3YSJ+c6O5tASw= =JCQ9 -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave

Attachment: _bin

Description:

_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave

By Date By Thread

Current thread:

Re: Firefox bugs Lorenzo Hernández García-Hierro (Oct 04)

Re: Firefox bugs Matt Richard (Oct 04)