Don't be confused by the evil words of whitehats. They don't really care about security; all they care about is money. They are hypocritical mercenaries that will do whatever suits _their_ interests. The common whitehat belief is that we should pity corporations and private entities for not having the knowledge to secure themselves, and as such should feel some sort of moral duty to use our knowledge and abilities to aid them in the protection of their assets. Make no mistake, however: these companies care for nothing more than their bottom line. None of them really want to secure anything; all they want is a scapegoat, someone they can point the finger at when shit hits the fan and say, "It's his fault, Mr. CEO, that's why our client databases got posted on a public hacker website."
Let's examine the converse side of the situation: do you think for a second that senior level executives in companies who've managed to figure out the system to the extent where they can embezzle, swindle, and screw good people out of millions and millions of dollars totally unjustly (and yet entirely legally), would feel any sort of obligation whatsoever to use the knowledge that they had gained to facilitate those who did not have that knowledge in obtaining what it is they were after ($$$$)? Why should I feel at all inclined to protect the assets of people who have more than likely obtained those assets by 'morally' unscrupulous actions? In all actuality, we have established that, contrary to what prominent people in the business community will have you believe, there is very little (if any) ethics involved in the business model of your average supercompany (Worldcom, Enron, Tyco, etc.), which more often than not employs the "Let's fuck them, before they fuck us" mentality.
I challenge whitehats, any and all, to give me a single viable reason as to why I should feel compelled to help a bunch of self-interested, self-absorbed, financial barbarians protect assets they probably shouldn't have in the first place. Why should I care if sl4ppyj4ck the script kiddie makes life miserable for a bunch of assholes trying to cash in on the inherent gullibility of the average schlep, who can't find people skilled enough to secure their machines without subscribing to bugtraq? See, the whitehat community will also have you believe that we need to make the information superhighway safe for "Joe Q. Websurfer", when in all practicality "Joe Q. Websurfer" is only going to be targeted by script kiddies, who would never have the means of causing him any grief if powerful exploit code wasn't given to anyone with a compiler. If the information I'm providing to a person, for whatever reason, is being wasted or undervalued, why should I continue to give this person (or group of people, e.g. SECURITY COMMUNITY) this information?
So we must ask ourselves the following question: Who is really benefitting from full disclosure practices: the companies that will most likely not even patch holes after they're released, and even if they do, remain vulnerable to a countless number of "0day" bugs that will remain undisclosed? Or is it really the undertalented, overrated, glory-seeking, self-proclaimed "Security Guru" provocateurs of anything that will increase their profit margins and notoriety, at a rate directly proportional to the amount of security FUD that exists on public full disclosure mailing lists?
The message is simple: STOP READING BUGTRAQ, STOP POSTING EXPLOITS, CLOSE YOUR FUCKING WEB BROWSER, START READING A BOOK, START LEARNING SOMETHING THAT WILL BE MORE SELF-FULFILLING THAN BEING A FUCKING LEECH THAT MAKES MONEY OFF OF THE TIME AND EFFORT OF PEOPLE SMARTER THAN YOU COULD EVER HOPE TO BE.
-Someone who's sick of supporting an unrighteous cause.