
HBGary planned to "blow the balls off Nmap" - desigooner
http://seclists.org/nmap-dev/2011/q1/767
======
nikcub
I was reading this and thinking 'I am pretty sure nmap already does this', and
as the first reply confirms, it does:

<http://seclists.org/nmap-dev/2011/q1/768>

all these leaked emails just remind me why I left the netsec industry so long
ago

Just reading this email and knowing these types of people I already know how
this came about:

1. random surfing on the web and finds out about LFSR

2. thinks 'this would be awesome for a port scanner'

3. sends email with 'lets do something like nmap but better and faster using
this thing i just read about on reddit'

4. 'i done my bit, GO TEAM!'

5. add 'software architect' to email signature

~~~
tptacek
"There's this thing called an LFSR; it's math-y, but very cool" in a 2009
message from someone pretty well plugged-in to the vulnerability research
scene tells you a lot about where we stand with crypto vuln research.

~~~
barrkel
I think that's slightly unfair; Greg's expertise isn't in crypto, but in
Windows NT kernel internals.

~~~
burgerbrain
_"Greg's expertise isn't."_

ftfy

~~~
tptacek
Do you work in the field? I don't know that you actually "fixed" that.

~~~
Confusion
I don't know the credentials of this 'Greg' in any field, but he comes across
as an inexperienced blowhard, which makes me doubt he could possibly have any
expertise in any area. A modicum of expertise in some area and experience in
developing software should ensure someone has more respect for something like
nmap. It's a nontrivial piece of software and this email comes across as "I
can build Reddit in a weekend".

~~~
tptacek
Let's definitely debate Greg Hoglund --- someone you admittedly don't know
anything about, but are apparently happy to comment about --- rather than
talking about the thing this comment thread is ostensibly about.

~~~
Confusion
I'm debating _his email_ , which is exactly what this entire topic is about?

~~~
tptacek
It is frustrating that, since Hoglund appeared in the Anonymous storyline,
that's all we get to talk about --- because people, like (I don't know you, so
don't take too much offense) you, come out from the woodwork and hang
superficial barbs like so many ornaments on an ugly, boring Christmas tree.

You are commenting about this guy's personal, private email. You don't have to
like or respect him. But your contribution to this thread --- "This guy sounds
like a total asshole in his emails!" --- degrades the discussion. I'm calling
you on it. Please, don't be such an asshole.

------
pyre

> It should be FAST AS SHIT

Last I checked, fecal motility was pretty low. Maybe he should get that
checked out...

[update]

<http://seclists.org/nmap-dev/2011/q1/771> :

> I've already had my brain cranking on what
> elite networking code I could now write in
> the kernel and I've always wanted to write
> a badass portscanner too.

And now he can program those both over wifi with his laptop while in his tree
fort with the "no parents allowed" sign hung off the side. Afterwards he can
rescue his girlfriend from ninjas with his excellent karate skills...

Both of those emails seriously boggle my mind...

~~~
tptacek
Everything about it is mind-boggling; if you're going to put effort into
building something in a place as inhospitable as the kernel, a _portscanner_?
Who's going to pay for that?

~~~
jrockway
The harder it is to write an application, the better the application must be.
Putting stuff in the kernel means it will be harder to get right, so clearly
the app will be better.

A security hole in the kernel is a small price to pay for a 0% speed increase.

~~~
alexgartrell
System calls are expensive for a variety of reasons (including, but not
limited to, the cost of extra data copies and the cost of switching security
"rings"). For system-call heavy applications (in particular, networked
services), moving things into the kernel provides huge speed benefits. [0] [1]

You are right that it's generally a stupid choice to make, but you're dead
wrong in assuming that it's got no benefit at all.

[0] <http://read.cs.ucla.edu/click/click>

[1] <http://www.research.ibm.com/afpa/> "All three components are implemented
in the operating system kernel for maximum efficiency"

------
noonespecial
I am deeply sceptical of any technology where the builders think up the name
first and then try to find a reason it should be called that. It just seems
too much like stuff I did when I was 12.

~~~
slapshot
How do you feel about GNU?

~~~
mahmud
GNU is not a technology, it's a movement. And to get all Marxist up on this
joint, the building blocks for a new movement are created long before the
leader is conscious of the need for one; the status-quo automatically provides
an _anti-_ checklist to motivate mobilization. One only has to scream "down
with the government!" in a poor neighborhood to prove this; no further
deliberation is needed, as the audience comes equipped with its own reasons to
revolt.

~~~
pnathan
Sounds more like the Hegelian dialectic than Marxist.

~~~
mahmud
And you would be absolutely right! Marx was a Young Hegelian and applied it to
political thinking and his theories of society.

------
olalonde
> I would like to call it "B.E.S.T. Scanner" so people kind of get stuck
> calling it "the best scanner". We can figure out what BEST means later.

Epic.

~~~
defen
Ball Erupting Scanner Technology

~~~
tomelders
I almost bust a nut loling out loud at that.

------
chipsy
Most programmers I know get the "I just discovered a silver bullet, damn I'm
awesome" nonsense schooled out of them somewhere between entering college and a
few years after, but apparently HBGary is an entire organization built on the
exception.

~~~
noonespecial
Yeah, I remember the day when my default action on thinking up an _"awesome
game-changing idea"_ became immediately looking up who had already tried it
and why it didn't work.

Older, sadder, wiser.

It gets better; eventually you think of an idea that someone tried that _did_
work and feel a little better.

------
tptacek
Yeah so these are ideas that date back to the '90s, so it is _genuinely weird_
to see Hoglund talking about them in 2009. But for whatever it's worth: if
ever a tool needed its balls blown off, it's nmap. I have nothing but respect
for Fyodor, but that space badly needs real competition.

There is, for what it's worth, very little reason why the best scanner need be
written in C. Scanners aren't even I/O bound in their most common use case;
they're timer-bound.

~~~
electrum
> There is, for what it's worth, very little reason why the best scanner need
> be written in C.

What about all the packet manipulation code? Bit twiddling tends to be
difficult in other languages.

~~~
tptacek
Bit twiddling is much easier in other languages than in C. And virtually every
mainstream language has a pcap binding for the packet reading and injection
(although a good straight-socket scanner could still give nmap a run for its
money).
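
The "bit twiddling" that comes up here, done in Python rather than C, as an added example that is not code from the thread, from nmap or from HBGary: header packing and parsing with the standard `struct` module, including the IPv4 header checksum check that a scanner or an IDS needs before trusting a packet. The packet bytes are constructed inline from RFC 5737 documentation addresses; nothing is sent or captured, and the function names are this example's own.

```python
"""Added example, not code from the thread, nmap, or HBGary: the "bit
twiddling" of packet headers done with Python's struct module.  The packet
bytes are constructed inline (RFC 5737 documentation addresses); nothing is
sent or captured.  All function names are this example's own."""
import socket
import struct

TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR")
IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_FMT = "!HHIIBBHHH"       # 20-byte TCP header without options


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 sum of 16-bit big-endian words, end-around carries folded in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_checksum(header: bytes) -> int:
    """Header checksum; over a header that already carries a correct
    checksum this returns 0, which is how verification works below."""
    return (~ones_complement_sum(header)) & 0xFFFF


def build_ipv4_tcp(src, dst, sport, dport, flags, ttl=64):
    """Construct IPv4 + minimal TCP header bytes for parsing.  The TCP
    checksum is left zero: it needs the pseudo-header and is beside the point."""
    tcp = struct.pack(TCP_FMT, sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, ttl, 6,
                      0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + tcp


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Decode the fields a scanner or an IDS cares about; reject malformed
    length fields instead of trusting them, and report checksum validity."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(pkt):
        raise ValueError("malformed IPv4 header lengths")
    info = {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ttl": ttl, "proto": proto, "ident": ident,
        "df": bool(flags_frag & 0x4000),
        "frag_offset": flags_frag & 0x1FFF,
        "ip_checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,
    }
    if proto == 6 and total_len - ihl >= 20:
        (sport, dport, seq, ack, off, flags, win,
         _tcsum, _urg) = struct.unpack(TCP_FMT, pkt[ihl:ihl + 20])
        info.update({
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "tcp_hdr_len": (off >> 4) * 4, "window": win,
            "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags >> i & 1],
        })
    return info


if __name__ == "__main__":
    sample = build_ipv4_tcp("192.0.2.1", "198.51.100.7", 40000, 443, 0x02)
    print(parse_ipv4_tcp(sample))
```

The length checks matter more than they look: a parser that believes `total_len` or the IHL field from the wire is the classic way a packet decoder reads past its buffer, which is exactly the kind of bug C makes easy and a bounds-checked language makes loud.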

------
blhack
What's terrifying about this is that this company somehow scored a contract
with the FBI.

How many other HBGary Federals are there out there?

~~~
tptacek
Why is wanting to compete with nmap a terrifying attribute of an FBI
contractor? Technology within the FBI pretty much begins and ends with EnCase.

~~~
kovar
While the FBI isn't known for being on the technical bleeding edge, and used
to bleed a lot for technical screwups, the RCFLs - Regional Computer
Forensics Labs - are very much out there on the leading edge of computer
forensics technology.

---

There are some amazing technical innovations in EnCase and the products built
on it. Unfortunately, the company has management issues that result in some
very poor decisions in many areas, including deployment of software
development resources.

~~~
m0nastic
I've been using EnCase for about a decade (including a large portion of that
working with the FBI), and I honestly can't think of any amazing technical
innovations.

The support for reading .pst files? The fact that it can finally handle
filesystems besides FAT32 and NTFS? Certainly not its stability.

EnCase is very good at what it was designed for, which is basically an
idiot-proof way for an investigator to comb through a hard drive looking for
search terms.

I would argue that technically EnCase isn't even as good as FTK, which is
something that pretty much every third-party evaluation of the two products
has shown.

I won't disagree that there are some smart folks working at the FBI, and
that's not even counting the ones who spend all their time developing "zoom
and enhance" software for photo analysis.

------
Getahobby
Please, please, please STOP referring to networks as class a, b, c, etc. The
1980s called, they want their networking jargon back.

~~~
bingaman
What is the correct terminology?

~~~
jf
<http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing>
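
What the linked CIDR article means in practice, as an added example that is not from the thread: the classful rule derives a default mask from the leading bits of the first octet, while the CIDR prefix is whatever the operator assigned, and the two routinely disagree. This uses the Python standard library's `ipaddress` module; the sample addresses are RFC 5737 documentation ranges chosen here and the function names are this example's own.

```python
"""Added example, not from the thread: what "class A/B/C" would imply for
an address versus what its CIDR prefix actually says, using the standard
library's ipaddress module.  Sample addresses are RFC 5737 documentation
ranges chosen here; function names are this example's own."""
import ipaddress


def classful_network(addr):
    """The network the pre-1993 classful rule assigns from the first octet's
    leading bits: 0xxxxxxx -> /8 (A), 10xxxxxx -> /16 (B), 110xxxxx -> /24 (C).
    Class D/E (224 and up) never designated host networks, so return None."""
    a = ipaddress.IPv4Address(str(addr))
    first = int(a) >> 24
    if first < 128:
        prefix = 8
    elif first < 192:
        prefix = 16
    elif first < 224:
        prefix = 24
    else:
        return None
    return ipaddress.ip_network(f"{a}/{prefix}", strict=False)


def compare(addr_with_prefix):
    """Compare the classful reading of an address with its CIDR network."""
    iface = ipaddress.ip_interface(addr_with_prefix)
    cidr = iface.network
    classful = classful_network(iface.ip)
    return {
        "cidr": str(cidr),
        "cidr_size": cidr.num_addresses,
        "classful": None if classful is None else str(classful),
        "classful_size": None if classful is None else classful.num_addresses,
        "same": classful == cidr,
    }


if __name__ == "__main__":
    # a /16 carved out of "class A" space, a /25 inside a "class C",
    # a /22 spanning four "class C" nets, and one case where both agree
    for sample in ("10.10.0.5/16", "192.0.2.130/25",
                   "203.0.113.9/22", "198.51.100.9/24"):
        print(sample, compare(sample))
```

The mismatch is not academic: a tool that scopes a target list or a firewall rule by "class" will cover 16 million addresses where the operator meant 65 thousand, or stop at a /24 boundary that the real /22 crosses.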

------
sucuri2
Everyone says stupid things in emails. Especially in PRIVATE emails.

It is funny; what he is saying sounds stupid, but how many stupid things do we
say in email, IM etc. on a daily basis? Don't judge just because of it...

------
s00pcan
"We can find source code for such things on the net to help us write it. It's
just a few lines of code."

------
desigooner
Is this a case of greed and a road to fast fame?!

This coming from someone as respected (at least in the past) and as renowned a
researcher as Hoglund doesn't give a ringing endorsement to the industry. Was he
that desperate for fame and fortune?!

------
svag
I think you can get a similar effect to an LFSR with a De Bruijn sequence
<http://en.wikipedia.org/wiki/De_Bruijn_sequence>.
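
The LFSR idea from the top of the thread (the thing nmap already does) and the De Bruijn connection suggested here, worked through as an added example that is not code from the thread, from nmap or from HBGary. It shows the two properties that matter: a maximal-length 16-bit LFSR walks every non-zero 16-bit value exactly once, so it is a full-period permutation with no stored table, and its output bit stream, with one extra zero inserted into its run of fifteen zeros, is a De Bruijn sequence B(2,16) in which every 16-bit window occurs exactly once. The tap positions are those of the primitive polynomial x^16 + x^14 + x^13 + x^11 + 1 as listed in the Wikipedia LFSR article; the seed and all function names are this example's own.

```python
"""Added example, not from the thread, nmap, or HBGary: a maximal-length
16-bit Fibonacci LFSR as a table-free permutation, and its classical link
to De Bruijn sequences.  Seed and function names are this example's own."""

N = 16
MASK = (1 << N) - 1


def lfsr_step(state):
    """One Fibonacci LFSR step for x^16 + x^14 + x^13 + x^11 + 1 (primitive;
    taps at bit positions 0, 2, 3, 5 as in the Wikipedia LFSR article).
    The bit shifted out at position 0 is the register's output bit."""
    fb = ((state >> 0) ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (fb << (N - 1))


def lfsr_cycle(seed=0xACE1):
    """All states visited from the seed until the seed recurs."""
    states = []
    s = seed
    while True:
        states.append(s)
        s = lfsr_step(s)
        if s == seed:
            return states


def is_full_period_permutation(states):
    """True if the cycle visits every non-zero N-bit value exactly once.
    That is what lets an LFSR stand in for a shuffled table of 2^N - 1
    entries; it is also why the order is a fixed permutation, not randomness."""
    return (len(states) == MASK
            and 0 not in states
            and len(set(states)) == MASK)


def de_bruijn_from_lfsr(seed=0xACE1):
    """Output bits over one period, with one extra 0 inserted at the start
    of the unique run of N-1 zeros (the run begins at state 1 << (N-1)).
    The original stream holds every non-zero N-bit window once; the inserted
    zero adds the all-zero window, giving B(2, N) of length 2^N."""
    bits = []
    s = seed
    for _ in range(MASK):
        if s == 1 << (N - 1):
            bits.append(0)   # the extra zero
        bits.append(s & 1)
        s = lfsr_step(s)
    return bits


def is_de_bruijn(bits):
    """Every N-bit window of the cyclic sequence occurs exactly once."""
    if len(bits) != 1 << N:
        return False
    seen = set()
    w = 0
    for i, b in enumerate(bits + bits[:N - 1]):   # wrap around cyclically
        w = ((w << 1) | b) & MASK
        if i >= N - 1:
            seen.add(w)
    return len(seen) == 1 << N


if __name__ == "__main__":
    cyc = lfsr_cycle()
    print("period:", len(cyc), "full-period permutation:",
          is_full_period_permutation(cyc))
    print("first states:", [hex(s) for s in cyc[:6]])
    print("De Bruijn B(2,16):", is_de_bruijn(de_bruijn_from_lfsr()))
```

Both constructions give the same thing: a fixed, seed-determined ordering that covers the space exactly once. Neither is a source of unpredictability, which is the distinction behind the "math-y, but very cool" remark upthread; an LFSR is a counter in disguise, and anyone who knows the polynomial and one state knows the whole sequence.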

------
some1else
So this is really what all the commercially oriented security researchers are
like?

It seems that the people I truly consider hackers rather commit a patch.

------
wheels
It's lame that this is on HN. Basically it's just finger pointing and laughing
at someone for being stupid on the internet (in a private mail, it seems).

~~~
jarin
Not being stupid on the Internet could be considered relevant for Internet
entrepreneurs.

