[ISN] [defaced-commentary] SecuritynewsPortal response to defacement

From: InfoSec News (isnat_private)
Date: Thu Oct 25 2001 - 01:38:49 PDT

  • Next message: InfoSec News: "[ISN] Microsoft Redux"

    [Additional info at: http://www.newsbytes.com/news/01/171478.html - WK]
    
    
    ---------- Forwarded message ----------
    Date: Wed, 24 Oct 2001 08:28:42 -0600 (MDT)
    From: security curmudgeon <jerichoat_private>
    To: defaced-commentaryat_private
    Subject: [defaced-commentary] SecuritynewsPortal response to defacement
    
    
    [In the wake of the SecurityNewsPortal defacement, they have decided to
    shut down. The following is currently posted on their website. - jericho]
    
    --
    
    The SecurityNewsPortal was defaced on October 23rd by parties unknown. 
    
    The SecurityNewsPortal will be allowed to die this evening as a result of
    this defacement. 
    
    Permit me to explain this decision. 
    
    
    The defacer was of the mistaken belief that the SecurityNewsPortal was a
    commercial endeavor that somehow made money.
    
    Regrettably, like many things stated by the defacer nothing could be
    further from the truth. 
    
    Let us just clear up the defacer's mistaken notion about money in and
    money out.... 
    
    Money In :
    * SNP had no paid advertisers.  The one ad allowed on the site was for a
    company based in Malta. For which there was no charge !
    * SNP had no financial backing from security companies or security product
    vendors
    * SNP never received gifts of Angel money from mysterious backers.
    * SNP never sold its members mailing list - in fact we never even sent our
    members e-mail
    * SNP never sold or allowed advertising on the free newsticker it allowed
    2700+ other sites to use
    * SNP never received a single dollar in advertising or any other form of
    revenue from anyone
    * SNP never received any government sponsorship or support - unlike other
    security web sites
    * SNP never received any financial support from any major Universities or
    Colleges - unlike other security web sites
    * SNP never even received a lousy coffee cup or baseball cap from some of
    the companies that we supported and talked positively about
    * SNP never even received a corporate logo pen or knapsack from some of
    the companies that we talked negatively about - heheh Pitbull ehehehe
    
    Money Out :
    * The fee for the domain name registration was donated by Marq
    * The fees for the web hosting of the SecurityNewsPortal were paid
    directly from the personal pocket of Marq.
    * The fees paid for the bandwidth to supply 2700+ other security and
    hacking sites with a FREE constantly updated newsticker was paid for by
    Marq
    * The cost of labor provided to collect the news 18 hours per day, edit
    it, comment it and add it to the site was done by Marq for free...nada...
    not a penny of compensation....zilch...
    
    Contrary to what the defacer thought, the SecurityNewsPortal was exactly
    what it always said it was, a non-profit educational site that was
    prepared to present the latest in hacking and security news. 
    
    Hey... we proved that a one person web site operating on a beer budget
    could compete with the big commercial web sites
    
    We took great pleasure in the growth of the SecurityNewsPortal over the
    past six months.  We succeeded on a shoestring budget and with only one
    person to accomplish what the commercial web sites could only be envious
    of. 
    
    And we took pride in beating other security and hacking sites to the
    latest news and presented in an honest and unfiltered way.  Obviously
    someone did not like that fact.  But it was also obvious that a lot of
    people did like the way we were presenting the breaking news....
    
    Being defaced does not embarass us... they weren't our web servers to
    control or secure
    
    Since the SecurityNewsPortal was financed solely out of the pocket of Marq
    we had to host our web site on a commercial web hosting service.  The
    server that was defaced was theirs - not ours.  It was not something that
    was within our grasp to control or secure.  So we feel no shame that ' our
    ' web server was defaced.  Like hundreds of thousands of ordinary Joes we
    simply pay our annual hosting fees and we rented space and bandwidth.  We
    could not afford to do otherwise.  So there is no victory in having
    defaced us.  You defaced our web hosting company...  congratulations. 
    
    Some of the best hackers in the scene deliberately chose to leave us
    alone..  I guess they liked us
    
    I might point out that we were very honored that many of the worlds best
    hackers had deliberately chosen to leave our web site alone all these
    months.  Many of them became regular visitors to our web site and often
    provided us with tips about where to look for breaking news stories.  We
    believe that they appreciated the service that the SecurityNewsPortal was
    providing to everyone in the security and hacking scene. To those elite
    hackers we extend our thanks. 
    
    Would it have been wrong to actually have had an advertiser or sponsor to
    cover our cost of operating ?  Nah... 
    
    Yes, we would have loved to have been a commercial web site.  It would
    have been lovely to have actually gotten paid to do something that we
    actually enjoy.  But unfortunately the defacer does not have a firm grasp
    on the current economic state of the security industry.  The security
    product and services vendors are not flush with large surpluses of cash. 
    Many of them have been laying off incredibly talented staff in order for
    their companies to survive until the current economic situation recovers. 
    These security product and service vendors are not out there supporting
    the security web sites with large chunks of advertising dollars.  They
    simply do not have the surplus cash to support SecurityNewsPortals or even
    the commercial Security web sites.  A simple look at the lack of
    advertisers on the other security web sites will make that quite clear...
    there is no profit in running a security web site at this particular time. 
    
    The decision... our time has come
    
    Having said all this I hope that our regular viewership will understand
    why I have chosen to let the SecurityNewsPortal die at the hands of this
    one defacer.  He has broken the old code of honor that still exist among
    some of the more senior members of the hacking world and in doing so he
    has betrayed his fellow hackers and security professionals by interfering
    with their ability to get to the news that we were posting for their
    benefit. 
    
    We are realistic enough to understand that there is no point rebuilding
    this web site in order for the defacer to simply come back and damage it
    again.  There can not be 100% security for a web site that is hosted on a
    commercial hosting service.  Since we are not able to fully secure this
    web site there is no reason to re-open the site for a return defacement.by
    this person. 
    
    So there it is in a nutshell.  And maybe our decision to just stop the
    SecurityNewsPortal will serve several points.  Possibly our defacer will
    realise that only a non-profit, volunteer, non-commercial web site could
    simply shut down like we are about to.  If we were a commercial web site
    we would be scrambling to get our site back online to ' keep making money
    '. 
    
    Sorry dude but you were seriously mistaken about us.  We are now
    officially shutdown. 
    
    In parting... a few words to the Security Industry in support of the other
    security web sites that are on the Internet
    
    Possibly some good can come of this defacement that will benefit the other
    commercial and non-profit security web sites that are operating on the
    Internet.  SecurityNewsPortal was a non-profit site and we were not
    actively seeking advertisers.  Our operating cost were small and Marq
    could afford them.  We ran this site because we enjoyed it. 
    
    But there are a good number of other important security web sites on the
    net that are being run by small one and two person operations.  These
    security web sites are being run by devoted fanatics like ourselves who
    put in long hours of work gathering or creating content that benefit
    everyone.  And yet they fail to receive any financial support from the
    security industry.  At what point will they lose their enthusiam and
    simply question why they volunteer such long hours with nothing in return
    for their efforts from their own industry ?. 
    
    We have seen over the past nine months a number of top flight security web
    sites fold, give up or change hands.  Attrition.org's Mirror, Packetstorm,
    SecurityPortal, Technotronic, Hack.zaire.co, and many others. Even as I
    write this final note there are a number of other excellent security sites
    that are preparing to shut down their sites. Just today we were even
    starting to get rumors that SecurityFocus was about to change ownership
    and we were trying to get official or inside confirmation on those rumors
    before we broke the story.  All these great sites could have used more
    advertising or financial support from the security industry...  but it was
    not there.
    
    So it would be nice if our departure helped some of those other security
    sites, whether they be commercial operations or volunteer staffed
    non-profit sites. 
    
    In closing
    
    It was our pleasure over the past six months to have played a role in
    helping to keep everyone informed about what was happening in the security
    and hacking scene. We hope that our explanation for why we have chosen to
    let the SecurityNewsPortal officially die is understandable.  We simply do
    not have the financial backing or support to pay for our own web servers
    that we could control and secure from attack. 
    
    To the 2700+ security and hacking web sites that used our constantly
    updated free newsticker we extend our apologies.  We are not going to be
    able to continue providing that service.  We are sorry about this
    inconvenience and we trust you will understand.
    
    To all the chaps in the military who enjoyed coming to our web site ( yes
    I noticed those .mil in our logs ) I extend to you my heartiest best
    wishes.  Keep up the good work and the good fight. 
    
    And I would like to extend my personal best wishes to the professional
    journalist who supported our work here at SecurityNewsPortal.com over the
    past six months. Your friendship, professionalism, tips on breaking news
    stories and never calling in the copyright cops after us was most
    appreciated !
    
    Oh... and as for me... well I will certainly have more free time, be able
    to sleep in the mornings and go to bed earlier at night, Hey, I might even
    be able to spend a few extra dollars on myself for a change instead of
    paying it to this web hosting service. 
    
    Most importantly, best wishes to all our friends in the security and
    hacking community.  I truly appreciated your support, help, advice and
    friendship over these last six months. 
    
    I have attached a copy of the defacement that replaced our web pages
    below.  Although it claims to have been done by Kimble, I would ask that
    you take that with a grain of salt...
    
    Marq  
    
    snpmarqat_private
    
    Old hackers never die... they simply fade into the shadows..
    
    
    -
    The information and commentary is Copyright 2001, by the individual author.
    Permission is granted to quote, reprint or redistribute provided the text is not
    altered, and the author and attrition.org is credited. The opinions expressed
    in this mail are not necessarily the opinion of all Attrition staff members.
    
    Commentary Archive: http://www.attrition.org/security/commentary/
    The Attrition Mirror: http://www.attrition.org/mirror/attrition/
    Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
    Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
    Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html
    
    Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
    Contacting Attrition Staff: staffat_private
    
    To subscribe to Defaced Commentary, send mail to majordomoat_private
    with "subscribe defaced-commentary" in the BODY of the mail (without
    quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
    the BODY of the mail.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 03:30:37 PDT