* shellworld attacked!!!
From: Cheryl Homiak
To: blinux-list
In answer to my own question, if anybody else wants to know, shellworld
was attacked by a hacker Saturday and is in the process of getting back on
its feet. I am not naive; I realize there is evil in the world, but I
totally can't comprehend somebody getting a thrill out of destroying other
people's installations, especially when somebody with those skills could
probably do really neat things to help people instead.
Cheryl
* Re: shellworld attacked!!!
From: Raul A. Gallegos
To: blinux-list
You are correct. Someone who has these types of skills can find a great
career using those skills legally. Heck, have you all seen Sneakers?
It's one of my favorite movies.
--
A new supply of round tuits has arrived and are available from your
admin. Anyone who has been putting off work until they got a round
tuit now has no excuse for further procrastination.
-- Raul A. Gallegos mailto:raul@asmodean.net - http://www.asmodean.net
* Re: shellworld attacked!!!
From: Dave Mielke
To: blinux-list
[quoted lines by Cheryl Homiak on December 12, 2001, at 06:00]
Hi:
>I am not naive; I realize there is evil in the world, but I
>totally can't comprehend somebody getting a thrill out of destroying other
>people's installations, especially when somebody with those skills could
>probably do really neat things to help people instead.
To understand the minds and hearts of mankind, we must look into the Bible. It,
especially in terms of our day, describes how people will become incredibly
self-centred, with their love for others growing cold. This is entirely in
keeping with what we observe.
[2 Timothy 3:1-4]: "This know also, that in the last days perilous times shall
come. For men shall be lovers of their own selves, covetous, boasters, proud,
blasphemers, disobedient to parents, unthankful, unholy, Without natural
affection, trucebreakers, false accusers, incontinent, fierce, despisers of
those that are good, Traitors, heady, highminded, lovers of pleasures more than
lovers of God;"
--
Dave Mielke | 2213 Fox Crescent | I believe that the Bible is the
Phone: 1-613-726-0014 | Ottawa, Ontario | Word of God. Please contact me
EMail: dave@mielke.cc | Canada K2A 1H7 | if you're concerned about Hell.
* Re: shellworld attacked!!!
From: David Poehlman
To: blinux-list
Hackers is good too.
----- Original Message -----
From: "Raul A. Gallegos" <raul@asmodean.net>
To: <blinux-list@redhat.com>
Sent: Wednesday, December 12, 2001 1:09 PM
Subject: Re: shellworld attacked!!!
You are correct. Someone who has these types of skills can find a great
career using those skills legally. Heck, have you all seen Sneakers?
It's one of my favorite movies.
--
A new supply of round tuits has arrived and are available from your
admin. Anyone who has been putting off work until they got a round
tuit now has no excuse for further procrastination.
-- Raul A. Gallegos mailto:raul@asmodean.net - http://www.asmodean.net
_______________________________________________
Blinux-list mailing list
Blinux-list@redhat.com
https://listman.redhat.com/mailman/listinfo/blinux-list
* Re: shellworld attacked!!!
From: David Poehlman
To: blinux-list
If I wanted to destroy the competition and had the age-old greedy mindset
and didn't care who I hurt as many before us have done, I might employ
this tactic. I've seen businesses burned, prices increased and all
sorts of dirty things done to have this accomplished. I've even seen
nations fake charges against innocents to achieve this end.
* Re: shellworld attacked!!!
From: Gil Andre
To: blinux-list
Hi!
I am sorry but I have to disagree here: most hackers are just
a bunch of retarded teenagers using hacking "scripts" that are
put together by much more talented and intelligent people (the
Computer Security specialists).
The (other) sad truth is that Linux (and many other systems)
are full of security problems -- and that the only way to
make big companies such as Microsoft or Sun respond quickly
to security threats is to publish the scripts I just mentioned
to prove the danger is real. Otherwise, the big companies
just don't move -- they try to sweep the problems under the
rug, sit on their hands and pretend the problem will go
away if they don't talk about it.
If you want a (Unix-like) operating system that was designed
with security in mind, you should use OpenBSD (which can be
found at: http://www.openbsd.org). If you really want to use
Linux, then I recommend using Bastille Linux (which can be
found at http://www.bastille-linux.org). "Bastille" is a
very complex Perl script which tries to make your Linux
installation more secure by blocking risky services and
possible accesses. Highly recommended. There are other steps
that can be taken to protect and "harden" a computer against
attacks, but that is beyond the scope of this message.
Again: most "hackers" are *not* talented. That does not make
the problems of shellworld less important, though.
On Wed, 12 Dec 2001 06:00:21 -0600 (CST)
Cheryl Homiak <chomiak@chartermi.net> wrote:
> In answer to my own question, if anybody else wants to know, shellworld
> was attacked by a hacker Saturday and is in the process of getting back on
> its feet. I am not naive; I realize there is evil in the world, but I
> totally can't comprehend somebody getting a thrill out of destroying other
> people's installations, especially when somebody with those skills could
> probably do really neat things to help people instead.
>
> Cheryl
Best regards,
_______________________________________________
Gil Andre -- Technical Writer -- Knox Software
gandre@arkeia.com
_______________________________________________
* Re: shellworld attacked!!!
From: Andor Demarteau
To: blinux-list
On Wed, 12 Dec 2001, Cheryl Homiak wrote:
> In answer to my own question, if anybody else wants to know, shellworld
> was attacked by a hacker Saturday and is in the process of getting back on
> its feet. I am not naive; I realize there is evil in the world, but I
> totally can't comprehend somebody getting a thrill out of destroying other
> people's installations, especially when somebody with those skills could
> probably do really neat things to help people instead.
That remains to be seen.
Ever heard of the predicate scriptkiddy?
If you haven't, definition: someone who uses downloaded scripts or other
trivial tricks to break in or simply attack sites on the net.
definition hacker: someone who tries to gain entry to a "secure" system
simply to gain entry.
2 types:
- whiteheads, the good guys who even will leave a note they were inside and
how to close the hole they used to get in
- blackheads, people who break in to steal/modify/destroy critical
information
> Cheryl
--
slainte mhaith (good health), slainte (cheers)
Uisce Beatha (water of live/health)
-----------
Andor Demarteau E-mail: ademarte@students.cs.uu.nl
student computer science www: http://www.students.cs.uu.nl/~ademarte/
Utrecht University irc: see webpage for details
-----------
Believe in yourself, know what you want, and make it happen!
* Re: shellworld attacked!!!
From: Andor Demarteau
To: blinux-list
On Wed, 12 Dec 2001, David Poehlman wrote:
> If I wanted to destroy the competition and had the age-old greedy mindset
> and didn't care who I hurt as many before us have done, I might employ
> this tactic. I've seen businesses burned, prices increased and all
> sorts of dirty things done to have this accomplished. I've even seen
> nations fake charges against innocents to achieve this end.
Even in "free" America was this the leading way in the 19th and early 20th
century.
Railways against all small farmers and in alliance with the big ones.
Rockefeller (spelling) the big oil-man from early 20th century who
burned/destroyed or manipulated all other oil-companies till he had them
all.
The US has the Anti-Trust amendments on their constitutions and the ICC (I
believe) to uphold them.
But we are getting off-topic here ;)
--
slainte mhaith (good health), slainte (cheers)
Uisce Beatha (water of live/health)
-----------
Andor Demarteau E-mail: ademarte@students.cs.uu.nl
student computer science www: http://www.students.cs.uu.nl/~ademarte/
Utrecht University irc: see webpage for details
-----------
Believe in yourself, know what you want, and make it happen!
* Re: shellworld attacked!!!
From: Andor Demarteau
To: blinux-list
On Thu, 13 Dec 2001, Gil Andre wrote:
> I am sorry but I have to disagree here: most hackers are just
> a bunch of retarded teenagers using hacking "scripts" that are
> put together by much more talented and intelligent people (the
> Computer Security specialists).
Scriptkiddies you mean.
> The (other) sad truth is that Linux (and many other systems)
> are full of security problems -- and that the only way to
> make big companies such as Microsoft or Sun respond quickly
> to security threats is to publish the scripts I just mentioned
True, but even then MS still doesn't do anything (or at least not enough)
btw, Linux has nothing to do with Sun mind you. Sun has their own OS named
Solaris.
> If you want a (Unix-like) operating system that was designed
> with security in mind, you should use OpenBSD (which can be
> found at: http://www.openbsd.org).
NetBSD is in this list as well.
> If you really want to use
> Linux, then I recommend using Bastille Linux (which can be
> found at http://www.bastille-linux.org). "Bastille" is a
> very complex Perl script which tries to make your Linux
> installation more secure by blocking risky services and
> possible accesses. Highly recommended.
Nice, but be reminded that even BSD is as secure as the admin makes it.
Thus, a secured linux-box can be better than a nonsecure bsdbox.
> Again: most "hackers" are *not* talented. That does not make
> the problems of shellworld less important, though.
I wonder how good their security really was and what kind of attack was
used.
>
> On Wed, 12 Dec 2001 06:00:21 -0600 (CST)
> Cheryl Homiak <chomiak@chartermi.net> wrote:
>
> > In answer to my own question, if anybody else wants to know, shellworld
> > was attacked by a hacker Saturday and is in the process of getting back on
> > its feet. I am not naive; I realize there is evil in the world, but I
> > totally can't comprehend somebody getting a thrill out of destroying other
> > people's installations, especially when somebody with those skills could
> > probably do really neat things to help people instead.
> >
> > Cheryl
--
slainte mhaith (good health), slainte (cheers)
Uisce Beatha (water of live/health)
-----------
Andor Demarteau E-mail: ademarte@students.cs.uu.nl
student computer science www: http://www.students.cs.uu.nl/~ademarte/
Utrecht University irc: see webpage for details
-----------
Believe in yourself, know what you want, and make it happen!
* Re: shellworld attacked!!!
From: Gil Andre
To: blinux-list
Hi!
On Thu, 13 Dec 2001 12:04:33 +0100 (MET)
Andor Demarteau <ademarte@students.cs.uu.nl> wrote:
> Scriptkiddies you mean.
The "scriptkiddies" are the users. The people who write the
scripts are, themselves, much more talented. Most of the time
they *do* *not* use their own scripts to do damage. They just
discover a security problem, test it a couple of times, write
a script to prove that it is a real and present danger (and not
just a theoretical one) and send the whole thing to the
software company and to some security web site, such as BugTraq.
> > The (other) sad truth is that Linux (and many other systems)
> > are full of security problems -- and that the only way to
> > make big companies such as Microsoft or Sun respond quickly
> > to security threats is to publish the scripts I just mentioned
> True, but even then MS still doesn't do anything (or at least not enough)
Actually, Microsoft usually reacts pretty quickly. The problem
is the sheer number of security problems discovered every week.
And also the fact that MS Windows is such a huge beast that one
patch may well create new security issues or even break Windows
down... This has happened recently. And the number of patches
means most administrators do not have enough time to apply them
all to all their machines -- leaving servers exposed to worms,
viruses and script kiddies.
> btw, Linux has nothing to do with Sun mind you. Sun has their own OS named
> Solaris.
True. I was only giving Sun as an example of a big company that
was very slow to patch their security problems. Their situation
has improved somehow in the last few years, though.
> > If you want a (Unix-like) operating system that was designed
> > with security in mind, you should use OpenBSD (which can be
> > found at: http://www.openbsd.org).
> NetBSD is in this list as well.
True, but NetBSD is not designed, first and foremost, with
security in mind. OpenBSD is NetBSD + several years of
security auditing of the source code. NetBSD has got an
excellent track record, though, but its emphasis is on
portability, not security.
> Thus, a secured linux-box can be better than a nonsecure bsdbox.
That's the problem with Linux: most distributions install way too
many services on a machine.
In my opinion, a workstation should have OpenSSH enabled (for
distant administration) and not anything else.
Most Linux distributions, trying to help the beginner user, throw
in lpr, bind, Apache, FTP, telnet, NFS, etc, etc... All of which
make a machine very insecure.
Which is why BSD has a small edge over Linux in this regard: in
a BSD system you have to activate all the services you want to
run -- the rest are inactive by default, which makes the machine
a little harder to configure but much more secure by default.
> I wonder how good their security really was and what kind of
> attack was used.
"Computer Forensics", meaning understanding what went wrong and
what the "hacker" did to the machines he/she attacked is a very
difficult subject. Especially if a "root kit" (compromised
binaries) was installed...
Regards,
_______________________________________________
Gil Andre -- Technical Writer -- Knox Software
gandre@arkeia.com
_______________________________________________
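
Added example (not part of the original thread, and not code from any poster): a small audit of the point made in the message above, that a workstation should expose OpenSSH and nothing else. It reads `ss -tln`-style output and lists every non-loopback listening TCP port outside an allowlist; the sample output is constructed, and the port-to-daemon labels are the conventional well-known ports for the daemons the message names.

```shell
#!/bin/sh
# Flag listening TCP ports that are not on an allowlist.
# Real use:  ss -tln | unexpected_listeners 22

# Constructed sample in the column layout printed by `ss -tln`:
# State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port.
sample_listeners() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       0.0.0.0:21          0.0.0.0:*
LISTEN  0       5       0.0.0.0:23          0.0.0.0:*
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*
LISTEN  0       64      0.0.0.0:2049        0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       511     [::]:80             [::]:*
EOF
}

# $1: comma-separated list of allowed ports (default: 22, i.e. SSH only).
# Prints "port label" for each listener reachable from the network that is
# not allowed, one line per port, in numeric order.
unexpected_listeners() {
    allowed=${1:-22}
    awk -v allowed="$allowed" '
        BEGIN {
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
            # Labels for the daemons named in the message (well-known ports).
            name[21] = "ftp";  name[23] = "telnet"; name[53] = "bind"
            name[80] = "apache"; name[515] = "lpr"; name[2049] = "nfs"
        }
        $1 == "LISTEN" {
            addr = $4
            port = addr
            sub(/.*:/, "", port)        # keep the text after the last colon
            sub(/:[^:]*$/, "", addr)    # keep the text before it
            # A socket bound to loopback is not reachable from the network.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (port in ok) next
            if (port in seen) next      # IPv4 and IPv6 entries for one port
            seen[port] = 1
            print port, ((port in name) ? name[port] : "unknown")
        }' | sort -n
}

# Demonstration on the constructed sample.
sample_listeners | unexpected_listeners 22
```

An empty result means only the allowlisted ports are reachable; anything printed is a service to disable or firewall.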
* Re: shellworld attacked!!!
From: Andor Demarteau
To: blinux-list
On Thu, 13 Dec 2001, Gil Andre wrote:
> The "scriptkiddies" are the users. The people who write the
> scripts are, themselves, much more talented. Most of the time
> they *do* *not* use their own scripts to do damage. They just
> discover a security problem, test it a couple of times, write
> a script to prove that it is a real and present danger (and not
> just a theoretical one) and send the whole thing to the
> software company and to some security web site, such as BugTraq.
I know, therefore the "attackers" of shellworld can be defined in the
kiddie-cat
> Actually, Microsoft usually reacts pretty quickly. The problem
> is the sheer number of security problems discovered every week.
> And also the fact that MS Windows is such a huge beast that one
> patch may well create new security issues or even break Windows
> down... This has happened recently. And the number of patches
> means most administrators do not have enough time to apply them
> all to all their machines -- leaving servers exposed to worms,
> viruses and script kiddies.
In short: windows is too big, incorporates too much in too many lines of
code entangled in just ONE os ;)
> True. I was only giving Sun as an example of a big company that
> was very slow to patch their security problems. Their situation
> has improved somehow in the last few years, though.
ok
> True, but NetBSD is not designed, first and foremost, with
> security in mind. OpenBSD is NetBSD + several years of
> security auditing of the source code. NetBSD has got an
> excellent track record, though, but its emphasis is on
> portability, not security.
Thanx, didn't know this.
> That's the problem with Linux: most distributions install way too
> many services on a machine.
by default (RH Mandrake, Suse)
> In my opinion, a workstation should have OpenSSH enabled (for
> distant administration) and not anything else.
Debian closes ssh for root login, although I think with OpenSSH for
protocol 2 they changed it.
> Most Linux distributions, trying to help the beginner user, throw
> in lpr, bind, Apache, FTP, telnet, NFS, etc, etc... All of which
> make a machine very insecure.
I know, question is what does a beginner even want with all these
services. He/She probably will not even use them.
> Which is why BSD has a small edge over Linux in this regard: in
> a BSD system you have to activate all the services you want to
> run -- the rest are inactive by default, which makes the machine
> a little harder to configure but much more secure by default.
Look at the debian-baseinstall, no services included by default at all ;)
> "Computer Forensics", meaning understanding what went wrong and
> what the "hacker" did to the machines he/she attacked is a very
> difficult subject. Especially if a "root kit" (compromised
> binaries) was installed...
You should attend Sane2002 (http://www.sane2002.nl) if they have the
Blackhead session again ;)
--
slainte mhaith (good health), slainte (cheers)
Uisce Beatha (water of live/health)
-----------
Andor Demarteau E-mail: ademarte@students.cs.uu.nl
student computer science www: http://www.students.cs.uu.nl/~ademarte/
Utrecht University irc: see webpage for details
-----------
Believe in yourself, know what you want, and make it happen!
* Re: shellworld attacked!!!
From: Jude DaShiell
To: blinux-list
I've been a hacker since at least 1986 and have no use for the commonly
accepted definitions. First of all, no self-respecting hacker in those
years at least would have broken into any system unless they had been
asked to do so by its owner or owners to locate and fix security problems.
Hackers in the year I considered myself one and knew others far better
than myself and was able to recognize them for what and who they were were
people who managed to make their machines and software do several
undocumented things in order to help themselves out or to help their
employers out. Basically envelope pushers. That's what distinguished
them from users. What we have today are actually three classes of
cybercrackers. Lowest on the brains ladder are the script kiddies, then
we have the real professionals. Those fall into cybercrackers who break
into systems and leave notes so security exploits they used can be
terminated, white hats if you prefer. Then there are the cyber punks, the
black hats if you prefer. All of this virus stuff became public because a
Bell Labs employee whose first name was Dominic broke his word and
published material on what started out as the game core wars over at Bell
Labs and the core warriors the programmers wrote over there to play the
game. Those of us who were the original computer hackers I'm sure resent
the abuse of our good name which in those years long ago we wore as a
badge of honor.
* Re: shellworld attacked!!!
From: Jude DaShiell
To: Gil Andre; +Cc: blinux-list
Your descriptive profile is incorrect. I know this because of some first
hand experience. A hacker put linsniffer on my system and it repeatedly
broke email sessions and deleted the inbox messages. One time when I was
rebooting I noticed the error linsniffer can't run. So I searched my system
documentation for linsniffer using locate, man and info. locate was the
only tool to find anything and it was a subdirectory that couldn't be
deleted off of my /dev directory /dev/ida/linsniffer that contained lots
of files. So I wiped the speakup system out and later did some web
research on linsniffer. I found a site called http://www.attrition.org
that referenced linsniffer. So these hackers are writing their own web
sites too and making the information and probably the scripts available to
anyone that can do a web download.
* Re: shellworld attacked!!!
From: Brent Harding
To: blinux-list
What did it do that couldn't get out of the /dev directory? It's not
Windows, but suppose if the device files are made to be busy, they won't
delete.
I've heard sometimes ISPs run sniffers, suppose the major pay equivalent in
Windows is declude junkmail buster, running with the imail smtp server,
sniffing out bad messages and deleting them on the spot. I know of it as a
friend had an ISP who appended a note of its use to the x-headers. He
switched to AOL to get away from that, as it filters yahoogroups, and
probably almost anything that doesn't have your address seen in the to
header, real rotten. They should make it so users can get that off their
account, but there's always someone else to choose if you don't like what
your provider does.
At 08:47 PM 12/19/01 -0600, you wrote:
>Your descriptive profile is incorrect. I know this because of some first
>hand experience. A hacker put linsniffer on my system and it repeatedly
>broke email sessions and deleted the inbox messages. One time when I was
>rebooting I noticed the error linsniffer can't run. So I searched my system
>documentation for linsniffer using locate, man and info. locate was the
>only tool to find anything and it was a subdirectory that couldn't be
>deleted off of my /dev directory /dev/ida/linsniffer that contained lots
>of files. So I wiped the speakup system out and later did some web
>research on linsniffer. I found a site called http://www.attrition.org
>that referenced linsniffer. So these hackers are writing their own web
>sites too and making the information and probably the scripts available to
>anyone that can do a web download.
* Re: shellworld attacked!!!
From: Gil Andre
To: blinux-list
Hmmm. Warning: I have the feeling this is going to be a long
email...
There is a lot in your message that puzzles me. I am not sure
I understand everything, but there are still a couple of
points I'd like to raise with you.
On Wed, 19 Dec 2001 20:47:05 -0600 (CST)
Jude DaShiell <jdashiel@shellworld.net> wrote:
> Your descriptive profile is incorrect.
??? Excuse me? I have no idea what you are talking about...
> A hacker put linsniffer on my system and it repeatedly
> broke email sessions and deleted the inbox messages.
Excuse me again? Here is a description of Linsniffer I was
able to find:
linsniffer:
linsniffer is [a] simple sniffer whose main purpose is to capture
usernames and passwords. linsniffer can be found at [... Address
deleted ...]
As you can see above, by definition, a sniffer is designed to
only do one thing: get the names/passwords pair. As such, they
do not interfere with other programs -- if linsniffer interfered
with your email program, then the person who installed it was
pretty incompetent (a "script kiddy").
Then again, if linsniffer was getting name/password from your
network, that probably means you were still using telnet or
ftp or some other insecure protocol. If there is one rule
that should always, always, always be applied these days it
is to use OpenSSH and scp for remote access and remote file
copy.
> One time when I was rebooting I noticed the error linsniffer
> can't run.
See above: why did linsniffer crash on startup? Because the
person who installed it probably did a very bad job of it! And
why on earth are you rebooting your system? My Linux system
stays on all the time and only reboots when we have a major
crash of the electrical system (which happens too often for
my taste, but that's another story...).
> locate was the only tool to find anything and it was a
> subdirectory that couldn't be deleted off of my /dev
> directory /dev/ida/linsniffer that contained lots of
> files.
I thought linsniffer was supposed to install in the
/usr/share/man directories. To create a /dev/xxx/linsniffer
directory is to court disaster -- again, that points in the
direction of a script kiddie, not a seasoned hacker.
> So I wiped the speakup system out
??? Excuse me? Don't you think you should have searched
very carefully your system for trojaned binaries and other
backdoors? Take a look at this analysis of a hacked system:
http://www.spirit.com/Network/net0301.html
And you'll see why it is extremely important to go through
a hacked system -- if a hacker knows his stuff (and even if
he does not -- rootkits are a dime a dozen these days) he/
she will have compromised your system in more ways than one!
And if he/she has installed more on your system than just linsniffer,
you may be in for a very bad surprise... You can read thousands
of horror stories on the Internet about what can go wrong in
case a hacker really has burrowed deep into your system...
> and later did some web research on linsniffer.
A very good thing to do, indeed.
> I found a site called http://www.attrition.org that referenced
> linsniffer.
Google can spit out many more answers than this. Example:
"Searched the web for Linsniffer. Results 1 - 10 of about 801"
> So these hackers are writing their own web sites too and
> making the information and probably the scripts available
> to anyone that can do a web download.
??? Excuse me? Where have you been hiding for the past ten
years? Of course they have been doing that! Why do you think
people talk about "script kiddies"? Because idiotic 15-year-olds
can now hack into most (unprotected) servers using lots
of scripts written by people who are far more intelligent
and competent than they are. Read: http://project.honeynet.org
for some tactics that can be used against you.
First of all, http://www.attrition.org is a very good web site
that contains a lot of information on computer security. It is
highly recommended reading for anyone who is running a system
connected to the Internet in a permanent manner. And,
considering the fact that your address is "@shellworld.net",
I think you should read this complete web site unless you
want your machine to be hacked again and again and again and
...
As a matter of fact, I also recommend that you start right
now, by reading the following in that order:
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Security-Quickstart-HOWTO.html
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Security-Quickstart-Redhat-HOWTO.html
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Security-HOWTO.html
http://www.sans.org/top20.htm
http://www.cisecurity.org/scanning_tool.html
http://www.cac.washington.edu/People/dad/ (A lot of links)
http://staff.washington.edu/dittrich/talks/qsm-sec/what_unix.html
http://www.attrition.org (Computer security with an attitude)
http://www.linuxsecurity.com
http://www.securityfocus.com
http://www.hackingexposed.com (This is the BIBLE of hacking!)
Most of these links should be accessible by vision-handicapped
persons. If you (or any other person on this list) have any
questions, I'll try to answer them as best as I can. Feel free
to email me.
/-------------------------------------\
| Gil Andre -- Technical Writer |
|Knox Software: http://www.arkeia.com |
| email: gandre@arkeia.com |
\-------------------------------------/
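
Added example (not part of the original thread, and not code from any poster): a first-pass check for the artifact described in the quoted report, a directory of ordinary files under `/dev`. It counts regular files per directory below a `/dev`-style root, skipping the tmpfs mounts that legitimately hold files; the function names, the skip list and the sample tree (including its file names) are assumptions made for this example.

```shell
#!/bin/sh
# Report directories under a /dev-style root that contain regular files.
# Device nodes, FIFOs, sockets and symlinks are normal in /dev; a directory
# full of regular files (such as the /dev/ida/linsniffer case in the thread)
# deserves a closer look.

# $1: root to scan (default /dev). Prints "count<TAB>directory", largest first.
dev_suspect_dirs() {
    root=${1:-/dev}
    root=${root%/}
    # shm, mqueue and hugepages are mount points where files are expected,
    # so they are pruned (assumed skip list; adjust to the system at hand).
    find "$root" \
        \( -path "$root/shm" -o -path "$root/mqueue" -o -path "$root/hugepages" \) -prune \
        -o -type f -print 2>/dev/null |
    awk '{ d = $0; sub("/[^/]*$", "", d); n[d]++ }
         END { for (d in n) printf "%d\t%s\n", n[d], d }' |
    sort -rn
}

# Build a constructed stand-in for /dev in a temporary directory, so the
# check can be exercised without root and without touching the real /dev.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/ida/linsniffer" "$t/shm" "$t/pts"
    : > "$t/ida/linsniffer/tcp.log"    # constructed file names
    : > "$t/ida/linsniffer/run.sh"
    : > "$t/shm/sem.app"               # legitimate: shared memory objects
    mkfifo "$t/initctl"                # not a regular file, so ignored
    ln -s /proc/self/fd "$t/fd"        # symlinks are not followed
    printf '%s\n' "$t"
}

# Demonstration on the constructed tree.
sample=$(make_sample_tree)
dev_suspect_dirs "$sample"
rm -rf "$sample"
```

On a machine that may already be compromised, run it with tools from trusted media, since a rootkit can replace `find` itself.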
* Re: shellworld attacked!!!
From: Jude DaShiell
To: blinux-list
You may have some valid points here, but I know of no program that
survives a linux formatting of all partitions on a hard drive.
* Re: shellworld attacked!!!
From: Jude DaShiell
To: blinux-list
Where I had a problem with your descriptive profile was that you
originally neglected to state that some of those crackers put up web sites
and make their techniques generally available to the internet. A white
hat wouldn't have much need to do something like that, even if the large
corporations would like to sweep security problems under the rug it's
possible to not only find people in government installations who will not
only give them a fair hearing but will also even go so far as to verify
their work and when that work is verified security-related clauses of
contracts for hardware and software get updated and then the corporations
do listen since failing to do so could lose them business and profits
from government sales. We are not all that large of a consumer, but
Government is another matter and it's like E. F. Hutton in that when it
talks to contractors and corporations they listen.