A Must Read - Brief Testimony of Our Disclosure Experience

Sun, 23 Dec 2007 11:15:16 GMT
by ivana-kalay

We have been trying to expose our thoughts about the fundamental ethical issues in the industry for a quite a long time. The truth is that it is not very simple to define what a righteous hacking is or which is the best way to deal with discovered vulnerabilities. Moreover, we do realize that having this talk is also very subjective and has different meanings to everyone. In the past couple of months, GNUCITIZEN has increased its rank dramatically and became key topic of many media outlets. Our popularity and running activities have constantly challenged us to reconsider our professional virtues and to seek the answers of the major industrial dilemmas. So in the spirit of upcoming festivals, it seems practically fitting for GNUCITIZEN to devote some time reflecting on the year's past and talk about where we find ourselves as the New Year dawns. Here is our top five list of Year-End ethical questions:

1. What did we learn?

GNUCITIZEN is an ethical, white-hat organization that doesn't hide anything. We strongly believe that knowledge belongs to everyone and we make everything to ensure that our readers have access to the latest cutting-edge research and get alerted of the newest security threats when they come. Our experience shows that the best way of protection is actually mass information. And we mean that literally!!! It is in the public's best interest to make our findings accessible to vast majority of people, simply because it is proven that the more people know about a certain problem, the better. Yes, sometimes the bad guys can use the information in unethical ways but this is a calculated risk which we, as a society, can afford to take.

2. What did we accomplish?

We avoid to think about our achievements in numbers and tables, simply because we believe that the greater satisfaction in life comes when you feel that the things you do are worthy and meaningful. GNUCITIZEN is not some weird laboratory of creating exploits, but a place where everyone can find the best solutions and awareness of numerous security risks. Usually when we talk about vulnerabilities and hacking, we are trying to consider the attacks in much broader context. We are trying to look beyond their technical aspects and predict the ways that they can affect the other parts of the system. And if some of you think of us very darkly it is just because every single member of our team has the guts to name the things the way they are.

3. What would we have done differently?

If there is something that we really regret is the proportion between Web app and other types of research we've published during this year. Looking back in the past couple of months is also easy to see that the sensational elements slightly dominate over the quality of our content. I am not saying that we are consciously pursuing some kind of a fame, but sometimes the way we express our self is a bit shocking for such a young and small professional community as ours. We also believe that integration, not differentiation, is the path everyone must take in order to increase the excellence of security services. And this means more personal involvement, public discussions and challenged creativity.

4. What were the most significant events of the year's past?

We have done a lot of "pocking around" across many sectors of our industry. Unfortunately, you have heard of the ones that we could afford to made public. We have concentrated most of our efforts and time on exposing client-side security issues and also investigating methodologies of how to penetrate various embedded devices and we believe that we were successful in these on many, many levels. Looking back, we cannot omit our achievements on bringing the "hacking mindset" to the masses with what we would like to refer to as the "GNUCITIZEN sessions". We have also done well with establishing the Black Public Relation (blackpr, bpr) security practices in London. We find this a great achievement and something that worths to be improved on in the future.

5. How are we going to be different next year?

When we started the group a couple of months ago, we were not quite sure what exactly we want to achieve in the future. To be honest with you, the only thing we knew at that time was what kind of a vision we were willing to avoid. We wanted to create a space, where you won't read our interpretation of already existing news or be bored with personal stories of our modest lives. We wanted to show you that hacking is not just some kind of illegal craft, but an ancient art and a state of mind. Just like the martial arts, in order to protect yourself you need to predict in advance your enemy's moves, you need to choose the right tools and define the perfect moment not to attack but to save your most valuable assets.

Driven by our favorite mantra "hacking is a lifestyle", the GNUCITIZEN group has significantly expanded its team and added several new affiliates to its core body like Hakiri, Securls and Spin Hunters. We had the pleasure to have as a guest bloggers some of the greatest "samurais" in the industry and had the nastiest comments and personal remarks you can ever imagine. We hope that we will continue doing that during the next year as well. It has been only an year since we started GNUCITIZEN. Babies start walking after their first year. We expect to have more interesting stuff coming up for the future and of course, have a lot more troubles because of them, but it is within us to tackle whatever obstacles we have ahead of us and move forward.

Happy holidays! Stay tuned...

Archived Comments

Happy Xmas :)
The research coming out of GNUCITIZEN during '07 has been great. here's to keeping things going in '08
H4ppy Chrtmas ! Good work during ‘07 :)
thanks for sharing your knowledge! good work!
Very nice and I hope to see alot more from gnu, happy holidays. cksnot-
Shoaib YousufShoaib Yousuf
Good work guys. You guys are really doing good. Wishing you all the best. Cheers Shoaib