GOGO pentesting: true stories of Infosec business in SE Asia

beezari, Feb. 21st, 2005 11:12 pm: security in the minds of 'droids'

It's over. Times when suddenly everyone wanted a magic word 'security'..
times when every company dreamed of "hiring a hacker from eastern europe" and
all the security problems would sort themselves out. Times when script kiddies were
just a small group of idiots with downloaded code. Times when you had a bunch of
good people at bugtraq.. good friends, bright heads. Times when everyone still
thought full disclosure is a good thing. Times when no one ever heard of the word
"DMCA". Times when the word "terrorist" was something you just would hear on the
news sometimes, and this word wasn't good enough..to commit more murders... it's
all over.

Security went "corporate", went "commercial". It caused big changes. Some
people who you respected changed into entities of corporate existence...
(suits, buzzwords, all this crap..), other people just faded away from the
public. Nondisclosure started being more and more popular to stop the corporates
using and abusing the knowledge which used to be public, without contributing a
dime.

This is also the time when security jobs get less and less interesting, no one
ever needs any hi-tech work to be done anymore. Corporates realised that they
could make more money (and save even more!) on selling bullshit which no one
understands nor even cares about. The security market turned into selling
products (both services and software) full of bullshit, buzzwords, and general
nonsense. Clients buy it, because they also have no ability to evaluate the
quality of what they buy... When I was a kid, I watched the "naked king" movie several
times, still couldn't believe that people could actually be that stupid.. well,
in fact now I realized they are.

Probably this, another commercial "boom" on security bullshitism, will be over
soon.. a boom when corporates are busy selling the air, making money out of
nothing, utilizing the knowledge which "technology hippies" and "hackers" freely
created. Labeling them "unmanageable" and "uncontrollable", alienating them
from the technology which they are part of. Monopolizing the right to know, the
right to publicize (hello DMCA, hi marketing droids!)

Yeah, it's always cheaper to hire a keyboard monkey or a technical writer. It
doesn't mean that it's going to be better though.. "Cheap. Good. Fast. Choose
two". The golden rule comes to mind. Something I used to see above my head,
printed out on a sheet of paper, during my first years of "infosec career".

Surely things will come back on their own circles. It's just another curve of
the endless spiral. Things will get sane again.. meanwhile it's time to lay back
and learn something new....


beezari, Jan. 29th, 2005 05:55 pm: On non-disclosure, bugtraq droids, hacker fetishists and the whole security biz all in one

"Those who know, don't talk. Those who talk, don't know" - LaoZi


beezari, Jan. 24th, 2005 06:27 pm: A competitor fighting story...

There exist amusing ways in which companies can fight their competitors. One can ship software that is full of holes, and then have its penetration testing branch find these. The fact of having the holes found makes the other companies look absolutely lame, because they couldn't find these bugs (who could).

The better way: once you find these bugs, post them on some web board anonymously. Then make your sales droids print these, wrap them in a nice envelope and mail them to the client. See how "caring" we are. Fantastisch!

Current Mood: awake


quidno, Jan. 18th, 2005 06:09 pm: more on guards

There is a joke in Thailand. If you have trouble sleeping, just go and obtain a guard's uniform by fair means or foul. Whenever you feel you want to sleep, just wear this uniform.
In the few months following 9-11, global economies reacted due to the lack of confidence in US homeland security. The reaction was, of course, a negative reaction. The venture capitalist confidence in the United States that had led to several million US dollars being invested in eGlobal's security business unit in Asia, had collapsed along with the Twin Towers. Money was withdrawn, offices were closed, salaries not paid, and the same process followed by eGlobal in Thailand was being followed by many other borrowing-founded operations across the world.
Earlier in 2001, part of that ill-founded VC confidence and bravado (a.k.a. 'my cock is bigger') had led eGlobal's operation in Thailand to relocate to the top floor of a plush 43-story office building - formerly 100% owned by another my-cock-is-bigger operation in Thailand: Ital-Thai construction, who suffered badly as a result of another investor confidence crash in 1998...but that's another story. An office space of half a floor in this building (about 400 metres squared) was allocated to a staff population of about 25. The monthly rent was 500,000 Thai baht, or 12500 USD. The monthly income of this company in Thailand? Zero Thai baht, which is roughly equal to 0 USD.
The bravado that went with the VC's belief that they could make hundreds of thousands of dollars from Asia's corporates was reflected in the belief that such an office space could be filled in less than 12 months, and this in a place where investment, even on life insurance, could take a sales cycle of 24 months!
So the office was evacuated. The servers and computers, several thousand dollars' worth of machine power that was rarely used, were evacuated from the building, slowly but surely. Lift-load after lift-load of computers and servers floated under the noses of the guards who were either asleep or unaware of the gravity of the situation before their half-open eyes. This equipment was evacuated from an office, the occupier of which had not paid the rent for 3 months!
So, the last trolley, carrying the last PC, that was being pushed by Thai admin staff with the kind of look on their faces like "thank Buddha I'm getting out of here without a jail sentence" emerged from the lift. An operation lasting 2 days, involving a mass evacuation of a vast amount of computer hardware, had not triggered the attention of the guards on duty at the Ital-Thai building until...this last PC was being pushed out the door. Was this last PC the device that pushed the operation past the threshold of what constitutes a mass theft operation in Thailand? Or was it that other, more astute staff in the building had alerted the guards, or was it that the guards themselves had been asleep for the 2 days of the evacuation? Who knows, and in any case, given that the explanation of the Thai admin staff seemed to work ...it didn't matter anyway.

....more later...bits filled etc.


quidno, Jan. 18th, 2005 05:25 pm

A true story of Thai guards not stopping the evacuation of servers until the last PC (this is a test as well :))


beezari, Jan. 18th, 2005 05:19 pm: Introduction

This community is dedicated to revealing the true stories of infosec business experience in the SE Asia region. :)
