data structures

ok, a question for /prog/rammers:

i need a data structure that can be implemented as a table (or has memory requirement for pointers of less than around 100MiB for 500000000 elements, each of equal size) and has O compexities for inserting and searching through it of less than O(n)?

alternatively has memory requirement of 100MiB for pointers for 500000000 elements of the same size and cannot save multiple occurences of the same data (for example can't save two 1's) and has insertion complexity of less than O(n)

I was thinking about a binary heap, but searching through it is rather slow (isn't it O(n)?)

i implemented a sorted list (in a table), but inserting is awfully slow for more than few MiBs of data (and as the program searches through the data as often as adds new, it's really slow), because inserting has O(n) complexity. (i thought that memmove() will be able to do some wonders and make its use feasible but it didn't work out)

so what will be better?
modified heap (in some way), VList, hashed array tree, else?

tl;dr: data structure with insering complexity less than O(n) and searching also less than O(n) and memory for pointers of O(1) or less than around 100MiB for 500000000 elements

read sicp

read k&r

ok, i think i found one: beap

isn't there anything better?

>>2,3
don't have anything meaningful to add, don't add anything

>>1,3
don't have anything meaningful to add, don't add anything

Just use some sort of balanced tree with large nodes (25+ elements per).

Use an ArrayList.

>>1,4
don't have amnything meaningful to add, don't add anything

Use a treap (tree-heap)

No, use a hree (heap-tree).

Use cons

B TREE

thread over

A cons cell is probably what you want to use here.
The car is the first element, whilst the other car is a cdr XD

Use a jlree (Tree implemented in Lisp implemented in Java).

>>9
don't have memory for keyes

>>10
haven't heard about this one

>>15 haven't heard about this one

Get a better CS text.

>>16
it looks like it's just a heap...

>>17
No, it's a heap-tree. Google it.

>>18
two different sites not using wikipedia define heap-tree as just-a-heap:
http://www.smartcomputing.com/editorial/dictionary/detail.asp?guid=&searchtype=&DicID=17573&RefType=Encyclopedia
http://www.aihorizon.com/essays/basiccs/trees/heap.htm

>>19
Well, I'm impressed by your research skills at least, considering I just quoted a post with some of the words rearranged. I'm somewhat less impressed by your bullshit-detection skills, considering you let ``hree'' slip by.

>>20
intresting...
http://www.google.com/search?q=heap+hree
just look at the first result...

>>21
i lol'd -- now we'll have to come up with an explanation for it though...

Treaps are not Heap-Trees

>>21
Why does /prog/ get indexed by Google so quickly? Shouldn't we have an awful, near-zero pagerank?

>>24
I'll bet that half of the PhDs at Google are /prog/rammers.

The russian 2ch programming board links to /prog/ regularly (the Anal Touring meme seems to be popular there for some reason)

>>26
I find this bit amusing. Over here, our russian neighbours have a reputation for being very good with hardware.

>>24
google doesn't work this way

>>23
no, but hrees are heap-trees
and as i stated before, i don't have the memory for keys in treaps

>>28
How does Google work?

>>30
no one apart from google programmers and CEO's (former programmers) doesn't know for sure

but i'm sure that 4chan has non-zero page rank

I suspect >>10 wasn't being serious with his reply, and we have been trolled constantly.

CEO's (former programmers)
Lol.

>>33
you know, it's actually true for google, and only for google...

...ok, if you are persistent, then maybe, for MS (only if you consider a cracker a programmer...)

>>32
yup, i think so too

Step 1. Read some of the thread titles.
Step 2. Realize this board in 99.5% idiot troll crap.
Step 3. GTFO

>>34
Crackers are some of the best programmers. It takes skill to find and exploit a buffer overflow for anything more than a simple DoS.

>>36
A cracker cracks software.
A hacker exploits buffer overflows and whatever.
And yes -- hackers are the best programmers, before wizards ofcourse.

>>37
Eh, semantics. I prefer the archaic meaning of ``hacker,'' leaving ``cracker'' to refer to hackers who crack computer security. At least I don't call them all ``hackers,'' like the proles do.

>>38
Indeed, but, what I described is the hacker with the ARCHAIC meaning.
There is no such thing as 'compiter security' that's bullshit some faggots sitting in their offices came up with so they can employ more faggots in their company and have an excuse for their shitty (leech-like) excistence.
You know. sort of ``web 2.0'', ``enterprise'' and all that crap.

A hacker is someone who hacks, someone who finds mistakes in implementations by having deep knowledge of the subject/item implemented and the tools used.

Let me make this straight:

Hacker - someone who knows a shitload about everything and hacks
Cracker - someone that unlocks software
Wizard - beyond time and space, someone who achieved satori

>>39
http://en.wikipedia.org/wiki/Hacker_definition_controversy

Hacker meant "someone who fucks around with computers" long before it had anything to do with security.

>>40
Or rather, should you continue to deny the existence of computer security, it meant that long before it meant someone who finds flaws in software. Sage for edit.

At least this isn't the whole whitehat blackhat bullshit.

Fuck whitehats.

Hacker == Hacker.

``cracker" == someone who cracks software || gay whitehat wording to make themselves feel leetsause.

wizard == your average ``blackhat"

THIS MOVEMENT IS APART OF THE ANTI-SEC / ANTI-WHITEHAT MOVEMENT.

THIS IS NOT A JOKE READ THE ENTIRE FUCKING FAQ.

THIS IS THE SIMPLE #PHRACK FAQ:

keep this in mind: when speaking of phrack "magazine" we mean that whitehat
magazine on phrack.org. also we use examples, but this applies to all people
and websites that fall into these categories.

1) what is a whitehat?
a) A WHITEHAT IS ANYONE WHO HELPS THE SECURITY INDUSTRY (POSTING BUGS/INFO ETC)

2) are there greyhats?
a) NO, ONCE A PERSON HAS THE EVIL WHITEHAT WAYS INSIDE OF THEM, THEY BECOME A PURE WHITEHAT, PLAIN AND SIMPLE.

3) how come "blackhats" are helping the security industry (bugtraq/phrack)?
a) THE SECURITY INDUSTRY INFECTS HACKERS WITH THESE EVIL THOUGHTS. THE
   SECURITY INDUSTRY BRAINWASHES HACKERS TO WORK FOR THEM (BY PUBLISHING THIS
   BUG/INFO/CODE INFORMATION). ALSO THESE PEOPLE ARE NOT BLACKHATS, THEY ARE
   WHITEHATS BASED ON QUESTION #2. THE PROBLEM IS THAT THEY DO NOT REALIZE IT.
   ALSO MOST OF THESE SO CALLED "BLACKHATS" DONT HACK. REAL HACKERS DO NOT
   ACTUALLY PUBLICIZE SUCH INFORMATION (TO PHRACK BUGTRAQ ETC).

4) how is phrack a whitehat magazine?
a) EVERY TECHNIQUE THAT IS RELEASED IN PHRACK IS NOW REALIZED BY THE SECURITY
   INDUSTRY. THE SEC INDUSTRY NOW SPENDS TIME TO THWART THESE TECHNIQUES.

   ALSO, ALOT OF THE ARTICLES IN PHRACK DO NOT BENEFIT THE "HACKER SCENE"
   AT ALL. HOW IS IT POSSIBLE THAT "POSITIVE" IDS ARTICLES OR HONEYPOT
   KEYLOGGERS MAKE THERE WAY INTO A "for hackers by hackers" MAGAZINE?

5) what are people like spaf/chris rouland/lance then?
a) THEY ARE THE ENEMY. WHITEHATS = ENEMY.

6) im confused, i thought k2 is a blackhat but he helps with honeypot?
a) HES NOT A BLACKHAT, HES A BAD ROLE MODEL FOR ALL HACKERS. HE IS
   BRAINWASHED BY THE SECURITY SCENE. IF HE CHANGES - GOOD FOR HIM. IF HE
   CONTINUES HIS WAYS - HE WILL CONTINUE TO BE THE ENEMY.

7) i get what you're saying now, so like k2/duke/horizon/scut (for example)
   aren't really hackers, they are just brainwashed by the security industry
   to work for them?
a) THIS IS ABSOLUTELY FUCKING CORRECT.

8) so what am i supposed to do?
a) STOP MAKING ANY OF YOUR INFORMATION PUBLIC. BY INFORMATION WE MEAN
   CODE,BUGS,TECHNIQUES ETC. KEEP THIS INFORMATION PRIVATE. DON'T TRADE
   IT ON IRC. DON'T ENTRUST THIS INFORMATION INTO INDIVIDUALS YOU DONT
   TRUST 100% (SOME PEOPLE TURN AROUND AND LEAK ALL YOUR SHIT OR THEY
   END UP SELLING IT TO ISS). AND FOR FUCKS SAKE, TRY ACTUALLY USING
   WHAT YOU CODE/FIND.

9) why do people like that whitehouse guy say "hackers shouldnt help criminals"
   or "hackers should help security industry by responsibly disclosing bug
   information to companies"?
a) THIS IS APART OF THE MASSIVE CAMPEIGN TO GET HACKERS TO WORK FOR THEM.
   THE FACT IS THAT IF THE "HACKING SCENE" DOESNT HELP THE SECURITY INDUSTRY,
   THEY WILL BECOME LOST BECAUSE THEY ARE A BUNCH OF COMPLETE IDIOTS. THE
   BEST BUGS/INFORMATION IS USUALLY GIVEN TO THE SECURITY INDUSTRY BY PEOPLE
   IN THE "HACK SCENE", AND THIS IS A FACT. IT MUST STOP.

10) how can i help?
a) HELP SPREAD THIS WAY OF THINKING TO EVERYONE YOU KNOW, ONCE PEOPLE REALIZE
   THEY ARE BEING BRAINWASHED AND PROFITTED OFF OF, THEY WILL CHANGE. IF YOU
   WANT TO MAKE A SIGNIFICANT CHANGE, START MAYBE THINKING ABOUT PROJECT MAYHEM.

11) ok, but like what if i dont want to change now? "lol"
a) YOU WILL BE HUNTED DOWN LIKE K2, DERAADT, DUGSONG, ETC. THE INTERNET
   IS NO LONGER SAFE FOR WHITEHATS. NO LONGER SAFE FOR THE SECURITY INDUSTRY.

12) what should whitehats think of this movement?
a) WHITEHATS/SECURITY INDUSTRY PEOPLE SHOULD BE AFRAID OF THIS MOVEMENT.
   IT SEEMS THAT HIGH MEMBERS OF THE SECURITY INDUSTRY HAVE ALREADY FALLEN
   VICTIM TO THIS MOVEMENT. THEY SHOULD STOP PUBLICLY MAKING AVAILABLE
   INFO SUCH AS "BUGS" OR "CODE" OR "TECHNIQUES". IF THEY DO NOT CHANGE
   THEY WILL CONTINUE TO BE TARGETED, AND IT SUCKS TO GET OWNED/FIRED/
   PHYSICALLY BEATEN.

13) why does #phrack like DMCA?
   DMCA MAKES IT SO THAT PEOPLE CAN'T POST THESE BUGS/CODE ETC. READ UP
   ON IT. IT WILL BE A GREAT WEAPON FOR THIS MOVEMENT ONCE IT STARTS
   BEING ENFORCED ON A REGULAR BASIS.

14) ya ok, i think im going to change, this isn't some joke right?
a) NO IT ISN'T A JOKE. SECURITY INDUSTRY CANT SURVIVE AT ALL WITHOUT
   THE SELLOUTS & BRAINWASHED SECTION OF THE HACKER SCENE. CHANGE YOUR
   FUCKING WAYS. DONT POST. DONT HELP THE SECURITY INDUSTRY.

   STOP... BEING.... BRAINWASHED......................

THE END: written in 25 minutes by the PHC, so dont bug us.

Ok, lately more and more people kept asking the same questions.. They forced
me to write down this FAQ so, read it and then ask questions!

1. What the fuck is pr0j3kt m4yh3m i been hearing about?

Pr0j3kt m4yh3m is the movement started by a group of blackhats that decided
they can't bare anymore with the FUD and lies spread by the whitehat
community, with the greed that is definitory for IT security companies, with
the leeching performed by these companies on hackers and so on. Pr0j3kt
m4yh3m is carried on by multiple independant cells who accomplish project's
missions. This movement is not about terrorism but more about retaliation
and cyber guerilla warfare.


2. Why do you hate whitehats? Just because they earn money?

Heh, this one is a redundant question. It keeps repeating all the time. Now,
once and for all, we don't hate the whitehats because they earn money but
for the ways they earn those money. By lying, by spreading rumours, by
leeching on the underground that formed them. Them and IT companies are also
targeted because they lie clueless people regarding hackers. They make
hackers look as some sort of cyber terrorist that all he does is creating
panic amongst all sorts of internet habitants. They also say that hackers
can break into *ANY* machine connected to the internet, this ofcourse
creating panic and enlarging their market segment. They don't care about
security, all they do care about is money. They are evil! They leech their
employees, they leech the underground, they leech their clients. Figure out
for yourself.


3. Why are you guys against full disclosure?

Disclosure is, never the less, a bad thing. Figure it out: how many
classified informations from other domains are made public?! NONE, zero,
nada, nothing! But still, they promote the full disclosure in computer
security. Have you ever asked yourself why? It's not that they care for the
regular company that can't afford to hire a decent administrator... They
want publicity, they want media attention, all this resulting in material
benefits: if an IT security company makes public a proof-of-concept code or
an advisory, it performs two things. It gets fame for that (and ofcourse, a
larger market segment) and thousands of kiddies all over the world eventually
work out an exploit from the advisory. So, people would fear getting hacked
so, they would become customers of that IT security company. Remember this:
knowledge given is power lost. Why giving powerful weapons to the kids all
over?


4. Real blackhats stay in underground. Why did u come out front?

As we stated in 1., we just can't stand anymore seeing what the whitehat
community is doing. They almost killed the scene, breaking it in half.
Whitehats all over the world are brainwashing thousands and thousands of
people, making them share their mindset. As a result, people think that
blackhat equals script kiddie and hacker equals IT security researcher. This
is so wrong! Hackers hack! Most of whitehat knowledge originates from the
underground. Most of the stuff they publish is heard by them from the few
underground connections left. And yet, they try to kill this underground and
they call it "script kiddies". ~el8/PHC/other groups will carry on this war
forever, until something changes! More and more groups adhere to pr0j3kt
m4yh3m.


5. Is Pr0j3kt M4yh3m visible to us?

Hell yeah! Even if nobody knows the other cells, even if nobody knows what
others do, look around you: you see supposedly secured servers gettin
hacked, you see security professionals hacked proving that they are giving a
false sense of security. *EVERYTHING* aimed at harming security industry in
one way or the other is an action of pr0j3kt m4yh3m. Pr0j3kt's cells are
spread all over the world, one could even be in your neighbourhood so watch
out!

Don't be confused by the evil words of whitehats.  They dont really care about
security, all they care about is money.  They are hypocritical mercenaries that
will do whatever suits _their_ interests.  The common whitehat belief, is that
we should pity corporations and private entities for not having the knowledge
to secure themselves, and as such should feel some sort of moral duty to use
our knowledge and abilities to aid them in the protection of their assets. Make
no mistake however, these companies care for nothing more than their bottom
line.  None of them really want to secure anything all they want is a scapegoat,
someone they can point the finger at when shit hits the fan and say, "It's his
fault Mr. CEO, that's why our client databases got posted on a public hacker
website.".  Let's examine the converse side of the situation, do you think for
a second that senior level executives in companies who've managed to figure out
the system to the extent where they can embezzle, swindle, and screw good people
out of millions and millions of dollars totally unjustly (and yet entirely leg-
ally), would feel any sort of obligation whatsoever to use the knowledge that
they had gained to facilitate those who did not have that knowledge in obtaining
what it is they were after ($$$$).

Why should I feel at all inclined to protect the assets of people who have more
than likely obtained those assets by 'morally' unscrupulous actions.  In all
actuality, we have established that contrary to what prominent people in the
business community will have you believe there is very little (if any) ethics
involved in the business model of your average supercompany, (Worldcom, Enron,
Tyco, etc.) which more often than not employs the "Let's fuck them, before they
fuck us" mentality.  I challenge whitehats, any and all, to give me a single
viable reason as to why I should feel compelled to help a bunch of self-
interested, self-absorbed, financial barbarians protect assets they probably
shouldnt have in the first place.  Why should I care if sl4ppyj4ck the script
kiddie makes life miserable for a bunch of assholes trying to cash in on
the inherent gullability of the average schlep, who cant find people skilled
enough to secure their machines without subscribing to bugtraq?  See the white-
hat community will also have you believe that we need to make the information
superhighway safe for "Joe Q. Websurfer", when in all practicality "Joe Q.
Websurfer" is only going to be targeted by script kiddies, who would never have
the means of causing him any grief if powerful exploit code wasn't given to any-
one with a compiler.  If the information I'm providing to a person, for whatever
reason,  is being wasted or undervalued, why should I continue to give this
person (or group of people e.g. SECURITY COMMUNITY) this information? 

So we must ask ourselves the following question: Who is really benefitting from
full disclosure practices, the companies that will most likely not even patch
holes after they're released, and even if they do remain vulnerable to countless
number of "0day" bugs that will remain undisclosed.  Or is it really the under-
talented, overrated, glory seeking, self-proclaimed "Security Guru" provocaturs
of anything that will increase their profit margins, and notariaty, at a rate
directly proportional to the amount of security FUD that exists on public full
disclosure mailing lists.

The message is simple:
STOP READING BUGTRAQ, STOP POSTING EXPLOITS, CLOSE YOUR FUCKING WEB BROWSER,
START READING A BOOK, START LEARNING SOMETHING THAT WILL BE MORE SELF-FULFILLING
THAN BEING A FUCKING LEECH THAT MAKES MONEY OFF OF THE TIME AND EFFORT OF PEOPLE
SMARTER THAN YOU COULD EVER HOPE TO BE.


-Someone who's sick of supporting an unrighteous cause.

A PHC PRODUCTION: THE REAL SCRIPTKIDDIES

[Posted to the netsys.com 'full-disclosure' list.]

Does anyone find it strange that the talentless scriptkiddy Ron DuFresne is
banging on about "kids this" and "kids that"? I certainly do. This clueless
moron is in no position to speak down on or scold those he obviously knows
nothing about.

If you search google for his name, you can easily see the technically inept
scriptkiddy Ron DuFresne making a monkey out of himself:

http://www.google.com/search?q=%22Ron+DuFresne%22

This guy knows nothing beyond 1980's security policy construction and
point-and-click firewall operation. He makes many technical blunders in his
posts and displays an uncanny knack for sounding like a total dumbass.

For those out of the loop, the scriptkiddy Ron DuFresne was a former member
of the defacement group known as GForce Pakistan, albeit only for a month or
so at most. What's sad is that he has admitted this in the past, but
justifies it as some kind of adventure "for research purposes." He also
denies having defaced any websites. Still, makes you wonder, doesn't it?

I also see many other technically incompetent people/leeches on this list
who are making unqualified assertions that so-and-so are scriptkids, that
so-and-so don't know their stuff, that so-and-so are attention deprived...

If you can answer 'yes' to all of the questions below, then by all means
feel free to think of yourself as equal to or better than these ~el8 guys.
Otherwise, please stop speaking down to people who are obviously much more
technically skilled than your ignorance will ever allow you to be.

* Do you know how to program in C? Are you intimately familiar with ISO C89?
C99? While other people in your neighbourhood were out partying, were you
sitting at home in bed making an almost biblical study of the POSIX
standards? What about those from The Open Group?

* Do you know how to write hash tables? Balanced trees? Do you know the art
of algorithms? Do you know Knuth's work like the back of your hand? Did you
teach yourself everything about computers that one would otherwise only
learn by paying thousands of dollars for in Computer Science tuition?

* Do you know how to juggle assembly code in your head for multiple
architectures, such as MIPS, SPARC, x86? Do you understand the peculiarities
of each architecture down to the nittiest, grittiest details? Can you
optimize your own assembly routines? Can you take advantage of things such
as Pentium instruction pairing or the delay slots in various RISC
architectures? Do you understand the deal with the I-Cache on MIPS? Are you
fluent in assembly language? Hell, do you even know what SPARC stands for?
Quadrants in PA-RISC, make sense?

* Do you know how to write your own exploits? Do you know how to audit
software with surgical precision for the most intricate bugs imaginable? Do
you know how to take advantage of buffer overflows? Do you know how to
exploit off-by-one errors on a little-endian machine? Do you know about
integer overflows and signedness issues? Can you exploit format string
vulnerabilities? Can you gain control of a process vulnerable to a heap
overflow via a deep knowledge of the malloc implementation on the target
host? Do you know how to bypass the "security" afforded by crap like
Openwall, StackGuard, PaX? Or is your knowledge of these things limited to
the papers that non-hackers publish? You probably think the people trying to
help the security community with bullshit patches/fixes like this are
hackers, when in fact no hacker would ever publish any such thing that aims
to improve security.

* Have you studied the UNIX kernel with as much fervour as some would have
for physical pursuits such as basketball or baseball? Do you know the data
structures and organization in the kernels of various operating systems?
Have you read books on UNIX internals cover to cover? Do you know how Linux
works under the hood? Can you write your own kernel modules for both defense
and offense? Ever written a kld on FreeBSD? Can you write a device driver
for a peripheral that your OS doesn't support? Can you find flaws in kernel
src trees that allow you to compromise a machine given local access?

* What do you know about evading (N)IDS? Your knowledge isn't limited to
what Thomas Ptacek & Tim Newsham have said years ago, right? Surely you
don't rely on tools written by people like Dug Song who like to think of
themselves as hackers, when in fact they are traitors to the underground,
assuming they were ever a part of it to begin with.

* What do you know about defeating firewalls? What techniques have you
innovated and pioneered on your own? What tools have you written that allow
you to toy with firewalls? Hell, the fucktard security community is probably
limited to lameass crap like Firewalk.

* What do you know about web security? Do you sit back and laugh at the
"cross-site scripting" revolution governed by an idea that has been around
well before the CSS/XSS sensation that literally blew the dumbass security
community apart? Must've wasted a lot of brain cells with that gigantic
stretch of the imagination. Do you laugh at all these "SQL injection" papers
and how most of them overlook the blatantly obvious: they have you believe
you have to fumble around with all kinds of convoluted queries to achieve
something that can be done with minimal typing if only they'd read the
fucking documentation for various DBMS. Their CGI experts like RFP and
Zenomorph call certain script conditions non-exploitable, e.g. when you
can't get arguments supplied to a binary that you've managed to trick a Perl
script into running -- RFP mentions this in his Phrack article -- yet any
moron can easily figure out that you can use the POST method, make the
script run /usr/bin/perl for instance, and have it run a script of your
choice that is fed as stdin from the HTTP request's POST data. Oh God, sorry
for pushing the realm of web security forward with this INCREDIBLY COMPLEX
revelation.

* Have you written your own tools that exploit protocol weaknesses? Have you
written your own tools for routing protocol weaknesses, e.g. RIP, BGP? Have
you written your own tools that play games with DNS? Have you written your
own ARP cache poisoning / mitm tools? Your own tools for shit like icmp
redirects and router advertisements? Can you write a tool that will exploit
the TCP sequence number prediction + IP spoofing vulnerability of older
days? Or can you only mock Mitnick for his 1994 attack, calling him a
scriptkiddy? Or utter useless banter about ISNs and cookies that you
digested from some textfile? Who are you kidding? Fuck, have you read all 3
volumes of the glorious TCP/IP Illustrated, or can you just mumble some
useless crap about a 3-way handshake? Do you know Net/3 code? TCP
algorithms? TCP extensions? Perhaps you're some fucking security expert
because you've memorized /etc/services -- a walking fucking getservbyport, a
la 70% of the Vuln-Dev subscription base.

.....................................

I have seen the ~el8 guys cover the full spectrum of everything discussed
above. 95% of the people calling them scriptkids probably can't even code
helloworld.c.

Further ranting for those who are so quick to judge...

Are you just a fucking whitehat leech who knows nothing more than how to use
tools written by others? Using techniques and exploits that most likely
originated in the playground of blackhats known as the computer underground.
More likely than not you're a fucking scriptkid who only knows how to do
mundane and trivial crap like configuring ACLs on a Cisco router or some
half-assed product such as Firewall-1.

You likely are so ignorant that you believe anyone who compromises machines
is a clueless scriptkiddy like yourself. You likely are so idiotic that you
believe that Bugtraq and CERT will protect you from the latest 0day
exploits.

You think Apache 1.3.26 can't be compromised remotely with one of four two
year old Apache remotes that haven't even been hinted at on the security
lists. You think sendmail is (now) remotely secure because what you don't
see on Bugtraq doesn't exist. Qmail. ProFTPd. My God, you people are so
fucking out of it. People report intrusions on their machines and you
dumbfucks immediately conclude it's done by some public vulnerability, e.g.
OpenSSL. That's right, because in your ignorant bliss there are no skilled
people out there who would actually use their exploits to hack.
Narrow-minded fools. Scriptkiddies.

You know nothing of what lurks beneath the surface glamour of the corrupt
security industry/community. Your only resort is to call these people kids.

Trust me, they laugh at you clueless imbeciles. They laugh at your feeble
attempts to manipulate hacking so that it becomes some fucking ethical or
philanthropic pursuit. They laugh at your "hacker vs. cracker" debates. They
laugh at anyone who thinks hacking isn't about compromising computer
systems.

Who are the scriptkids now? You're outgunned and outclassed. Take a nap and
retire, you pathetic leeches.

The scriptkids like Ron DuFresne and Anodyne Perspective are likely going to
snap after reading this, so I'm sitting back looking forward to the imminent
outbursts from these scriptkids whose only rebuttals will be in the...

"I have my fingers in my ears, can't hear you kids NANANANANAN JAJAJAJAJAJA
itiththdsfhg grow up immature children, get a girlfriend HHSHee KkakakKAkka
pffffttt damn kiddies."

... range.

All "dox" dropped on the lists have been fake. They have been engineered by
people either making false assumptions or trying to get their "foes" in
trouble. Most of the phony ~el8 members lists mention people that have been
attacked by ~el8, ironically enough. Put one and one together. There is only
valid "info" for one of those poor souls, anywayz.

It's time for an underground revolution. You all quote The Mentor's
Manifesto in your misguided ethics rants; alas, The Mentor was an active
hacker, in the true, modern sense of the word. Stop being brainwashed ye
hackers. Keep your souls untarnished.

It's time to bring the corrupt security industry to its knees.

THE SECURITY INDUSTRY DEMOLISHED OUR WORLD.

THERE WILL NOW BE HELL TO PAY.


                Offer up your best defense
                But this is the end
                This is the end of the innocence

jimjones@low-level.net

Q: Who started antiSecurity and why?
A: The antiSecurity movement was founded by a join (and somewhat overlapping)
consensus of two groups, ADM and security.is. The founding was a reaction
sparked primarily by recent leaks of several exploits and the rise of several
notable figures who have littered the Bugtraq mailing list with the
publication of many exploits and vulnerabilities, often which were not their
own to begin with.

Q: How can I join antiSecurity?
A: A cliche is in order, but "Practice what you preach". Simply put, be
content doing your own thing, and hold your exploits personally or within a
closed and trusted group of individuals. In other words, DO NOT POST! If you
follow by this creed, you are already a true member of antiSecurity. If you
would like to show your support in a more formalized manner, you can send an
EMAIL directed to the contact point on this page, stating your desires,
philosophies, and policies towards the closed exploit development.

Q: What is the meaning of the blacklist?
A: The blacklist is a list of groups and individuals in the security community
who have engaged in policies that have served to harm mutual developers,
network administrators, and security researchers through reckless postings or
leaks. Note that there is no implication of a lack of skill among these list
members, as several are highly advanced in their respective security niches.
Nor is there any suggestion that these are bad or amoral people. It just means
that they have engaged in activities contrary to the antiSecurity creed (or
anti antiSecurity). Please note here that many members of the blacklist are
notable "whitehat" figures in the sec world. The subtle point here is that
many whitehats inadvertently serve as blackhats when they release weapons of
electronic destruction.

Q: Exactly whats wrong with open security again?
A: 1. Would you give handguns to toddlers? Then why give 0day to angry teens?
2. Many postings are done for political reasons which aim at corporate
embarrassment.
3. Many recent works that end up being published were not released by their
authors. Many of these exploits have standard copyrights and disclaimers which
state that the exploits may not be retransmitted or published without the
consent of the author. Why are these wishes not honored? In any other form of
information exchange, whether it be artwork, poetry, or literature, outrage
would be expressed by authors who have their personal and private hard-earned
works published. But nobody cares if this is an exploit. Packetstorm and
www.hack.co.za are sitting pretty on stock piles of exploits which could be
ticking time bombs for legal action such as lawsuits from enraged authors who
have taken necessary and proper (and yet ignored) actions to protect the
confidentiality of their works.

Q: Doesn't it seem a bit contradictory that the two main founding groups of
the antiSecurity movement (ADM and security.is) both have published exploits
on their websites/ftp sites?
A: Absolutely not. The exploits which are present could be there for a number
of reasons. One is because of leaks. If the exploit leaked to the public, it
was most likely published on the main site after it was archived on various
security sites. Another reason is that vendors discovered some of these flaws,
fixed them, and notified the public, thus rendering the information
insensitive. Thirdly, exploits could be several years old and may have been
released simply because they were archaic or obsolete. Finally, the exploit
could be a rather useless one, such as a vulnerability in very uncommon server
or client based software. In all of the cases, the nature of release was very
harmless - they did not negatively impact the security community.

Remember, nobody has the right to criticize others for the privitization of
personal code. Just like any other artistic creators, coders have the natural
right to keep findings secret and personal. Often many hard hours, days, and
even weeks go into the development of a viable and correctly functioning
exploit. This task is not always trivial or swift. Despite trite sayings,
exploiting a particular problem is harder than fixing it, as the patch or
difference is usually only a matter of a line or two of code. If you are not a
developer, then you can not possibly mount a reasonable attack on others who
often unwillingly sustain the progress of the Underground.

|=---------------------=[ New Hacking Manifesto ]=----------------------=|
|=----------------------------------------------------------------------=|
|=-------------------------=[ cr4zy c0nsuel0 ]=-------------------------=|


It happened again today. Another one sold out, sacrificing their dreams
to the corporate security machine.

Damn whitehats, noone believes in a cause anymore.

Another bug was released today to the security mailing lists.

Damn Whitehats, they know not what they do.

Another potential computer genius was relegated to an existence of nothing
more than than a 9-5 cubicle-dwelling promotional tool.

Damn whitehats, putting money before discovery.

Another family was ravaged by cooperations and governments bent on
instituting control over individuality, monitoring every action..

Another kid was sentenced today for searching for a way to understand
the world. Convicted and imprisoned, not because of what he did, but
because of what others thought he could do.

Damn Whitehats - Fear keeps them in business.

The public, believing anything it hears from "reputed experts". Screaming
for blood. Looking for something to blame for their lost hope. Their
lost ability to seek out new knowledge. Fear consumes them.  They cannot
let go of their uncertainty and doubt because there is no meaning. They
seek to destroy explorers, outlaws, curiosity seekers because they are
told too. They are told these people that seek information are evil.
Individuality is evil.  Judgment should be made based upon a moral
standard set in conformity rather than resistance. Lives are ruined in
the name of corporate profit and information is hoarded as a commodity.

Damn Whitehats, you were once like us.

I was a Whitehat. I had an awakening. I saw the security industry for
what is really is. I saw the corruption, the lies, the deceit, the
extortion of protection money in the form of subscription services and
snake-oil security consultants.

I wanted to know, I wanted to understand, I wanted to go further then
the rest. I never want to be held down by contracts and agreements.

You say I should grow up. You say I should find better things to do with
my time. You say I should put my talent to better use. You're saying I
should fall in line with the other zombies and forget everything I
believe in and shun those with my drive, my curiosity, tell them it's
not worth it, deny them of the greatest journey they will ever
experience in their lives.

I am not a blackhat. The term is insulting, it implies I am the opposite
of you. You think i seek to defeat security, when I seek something
greater.  I will write exploits, travel through networks, explore where
you are afraid to go. I will not put myself in the spotlight and release
destructive tools to the public to attract business. I will not feed
the fear and hysteria created by the security industry to increase stock
prices.  I can, and will, code and hack and find out everything I can
for the same reasons I did years ago.

I am a Hacker, dont try to understand me, you lost all hope of that when
you crossed the line. You fail to see the lies and utter simplicity
behind the computer security industry. Once, you may have shared my
ideals. You fail to see the fact that security is a maintenance job.
Youve given up hope for something better. You fail to see yourself as
worthless, fueling an industry whose cumulative result is nothing. I
dont hate you, I dont even really care about you - If you try to stop me,
you will fail, because I do this out of love -- you do it for money.
 
This is our world now.. the world of the electron and the switch, the
beauty of the baud. We make use of a service already existing without
paying for what could be dirt cheap if it wasn't run by profiteering
gluttons, and you call us criminals. We explore... and you call us
criminals. We seek after knowledge... and you call us criminals. We
exist without skin color, without nationality, without religious bias...
and you call us criminals. You build atomic bombs, you wage wars, you
murder, cheat and lie to us and try to make us belive it is for our own
good, yet we're the ciminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of
judging people by what they say and think, not what they look like. My
crime is that of outsmarting you, something that you will never forgive
me for.

I am a hacker, and this is my manifesto. You can't stop me, and you
certainly can't stop us all.

We removed perms over camp-dump.ldif.cat:


----- Original Message -----
From: "Harald Welte" <laforge@berlin.ccc.de>;
To: <staff@digitalsec.net>;
Cc: <cryx@berlin.ccc.de>;; <starbug@berlin.ccc.de>;; <cpunkt@ccc.de>;;
<hannes@berlin.ccc.de>;
Sent: Thursday, November 11, 2004 11:55 PM
Subject: [!dSR-staff] CCC blackhole.camp.ccc.de hack

Hi!

First I'd like to congratulate you on behalf of the CCC Berlin e.V. to
opening our TWiki on blackhole.

However, we would really appreciated if you could remove the address
data from your public website.

It's cool and nice that you hacked one of our boxes.  Publicizing
address data of several houndreds attendees however, is not going to
help the hacker community at all.

Please, take credit for hacking blackhole and make it public, but please
don't make innocent people suffer by exposing personal data.

Thanks, Happy Hacking and Cheers,

    Harald Welte

--
- Harald Welte <laforge@gnumonks.org>;               http://www.gnumonks.org/
============================================================================
Programming is like sex: One mistake and you have to support it your lifetime

hello im fairX the haxxor join my community of hackers if you payme enough i will give you access to a private area of haxx ;)
http://forum.curse-x.com/index.php

>>43-51
ENLIGHTENMENT RECEIVED

two main founding groups   of the antiSecurity   movement was founded   by a join   and somewhat overlapping   consensus of two   large primes p   and q At   each step of   the algorithm some   output is derived   from x n   the output is   commonly either the   downloader or the   first paragraph I   was even feeling   pity and had   much respect for   doing so much   noise code to   print the string   and removes every   character followed by   a C library.

Xarn is a bad boyfriend