White hat security group

eppik · Post by **eppik** » 12 Feb 2007, 12:39

Have you ever seen a site that was hacked by a script kiddie, the f00l deleted the intire database, and left a stupid message like "i rule!" or "You've been p4wn3d by the b3st h4ck3rz in the worldz!!" ???????

Whel i am sick of seing those poor admis of sites such as: http://artfulwriter.com/archives/2006/0 ... e_hac.html

Lol just an example

Here is what i propose WE od:

1 - Create a White Hat Security group

2 - Recruit everyone interested (as long as they are trustworthy)

3 - create a help-mail account for helping hacked admins

4 - Advertise it everywhere possible, so it is of the knowledge of everyone

5 - Ask for the info wich the hacker left about himself

6 - Contact him and tell him to say hes sorry

7 - If he doesnt comply, tag him and pursue him till you fuck up his box (or anoy him till he ask for forgiveness)

Does anyone knwo what im talking about?

Is this an interesting idea?

Wouldnt it help Newbs to learn how to information gathering and hacking?
(by finding an possibly atacking the hacker)

Plz dont say i've been up all nite...

Post by **pseudo_opcode** » 12 Feb 2007, 13:34

Watch out man, using word 'white hat' on suck-o means asking for trouble,cya in debate board, thats something i learnt here, when you say white hat, people laugh at you..

Post by **bad_brain** » 12 Feb 2007, 13:35

well, we ARE a "whitehat" group already...

anyone who owns a site which has been hacked would receive help here, BUT securing a site/server can be a lot of work and most people here (including me) can't afford to spend much more time to do jobs for free....and securing a site/server can quickly cost some hundred bucks, simply because it's nothing that can be done within a couple of minutes, analyzing already can take some hours.

the closest info you can get about the attacker is the IP, the next step would be to involve a lawyer which would have to force the network host of the IP to supply the personal data...and if the attacker is coming from a skiddie country (I'm saying no names here) you don't even get an answer and it's pointless to sue....

the next thing is that most site/server owners don't accept help when their site/server has been compromised, the usual reason is that they already know what was the reason: lazyness....security is a steady process which means patching, patching, patching.....so if I we would spend hours with securing a site/server it would be wasted time if the owner stays as lazy as before. and it's a sad but true fact that you can't even really secure some sites, for example when the site is on simple webspace and implementing serverbased security measures is not possible.

so in my opinion the only way this can work is:
owners of compromised servers/sites can always ask for help on the boards, but if somebody wants me (I can only speak for myself here of course) to do active work I'll not do it for free (if it's not a friend/part of the suck-o community). but I'm open to suggestions...

p.s. eppik, the dead link of your avatar is slowing down the load of the site, if you want to send it to bad_brain[at]suck-o.com and I'll upload it for you....

Post by **floodhound2** » 12 Feb 2007, 13:55

I am with bad brain on this one. I can not afford to take up m day doing security for others I don’t know and for free for that matter. Bad brain has a good point in that the site owners are lazy and can get help if they want to. It does take time and time is a important to me and my businesses that I run. Great idea but I am out unless more is considered. $ = time

eppik · Post by **eppik** » 12 Feb 2007, 15:46

Im not saying we will secure other peoples sites, just take justice into the people's hands

They saying: "Dont do things to others, that you wouldn't like done to you"

Thats waht im talking about

Like you get home and you don't wanna do anything or dont have anything to do on your pc.....

Just google for some hacked sites and trie and catch the bastards its fun...i guess...

Lyecdevf · Post by **Lyecdevf** » 13 Feb 2007, 05:15

eppik wrote: Just google for some hacked sites and trie and catch the bastards its fun...i guess...

How am I going to catch the bastards? I would need thier IP adress and what should I do to get it?

Post by **pseudo_opcode** » 13 Feb 2007, 06:49

eppik wrote:Im not saying we will secure other peoples sites, just take justice into the people's hands

They saying: "Dont do things to others, that you wouldn't like done to you"

Thats waht im talking about

Like you get home and you don't wanna do anything or dont have anything to do on your pc.....

Just google for some hacked sites and trie and catch the bastards its fun...i guess...

Yeah we forget that there are already people who are paid for that, maybe its fun, but that wont give us our daily bread, why would any 'hacked' admin co operate with us? I love investigating stuff, but does that mean the owner of hacked site would give us logs and documentation of the configuration??
I think we have enough reasons for not doing it no matter how much we like it.
Its just like there's a robbery in someone's house and we go and tell them "hey we are here to investigate stuff and catch robbers"

eppik · Post by **eppik** » 13 Feb 2007, 07:26

i get your point...

Tough admit it....its fun to search and destroy a Script kiddie....and you could test your skill against him...

Post by **Gogeta70** » 13 Feb 2007, 20:09

It wouldn't be a test, it would be a massacre. After all, what skiddie actually *secures* their box?

Lyecdevf · Post by **Lyecdevf** » 14 Feb 2007, 03:13

eppik wrote: its fun to search and destroy a Script kiddie....and you could test your skill against him...

There are easier ways to do that. Look at various forums where Script kiddies want to learn how to hack. Offer them your help! When they start to trust you than do your worst.

eppik · Post by **eppik** » 14 Feb 2007, 11:02

gogeta70 wrote:It wouldn't be a test, it would be a massacre. After all, what skiddie actually *secures* their box?

Rofl

Your right, they are so worried to kill other and that they forget to protect themselves.....hmm i shoul trie what Lyecdevf said

Post by **Gogeta70** » 14 Feb 2007, 13:34

Doing what lyecdevf said is lowering yourself down to their level, that makes you just as bad as they are. Honestly, i think this idea is kind of far fetched, and we should just drop it.

Looter · Post by **Looter** » 14 Feb 2007, 14:19

Agreed. Plus, remember, skiddies know nothing of wich they are doing, they all get caught just about all the time. Let justice come to them, dont bring it to them or else youll be the one in court. Not the skiddie destroying box's for fun. Most of them just use program's made by others, instead of actually taking out time and making your own, understanding how it works.

eppik · Post by **eppik** » 14 Feb 2007, 14:37

Damn right Looter! It is far more interesting to know how to make a Toolkit than to download one....

Its the ultimate humiliation: Getting p4wn3d by a homebrew 5 minute made app

LaBlueGirl · Post by **LaBlueGirl** » 15 Feb 2007, 14:32

pseudo_opcode wrote:Watch out man, using word 'white hat' on suck-o means asking for trouble,cya in debate board, thats something i learnt here, when you say white hat, people laugh at you..

heehee

Don't look at me in that tone of voice!!!

(kidding, lol)

White hat security group

How many times have you seen a Site that has been hacked?

White hat security group