Matt Blaze
@mattblaze@federate.social

It occurs to me that people outside the security field might find it odd that we openly publish stuff like this. Why help people who might use the knowledge to do bad things?

There are a number of reasons. The first is that only through open discussion are we able to identify and fix problems. Another, which is what motivated my work, is educational: you can't learn to defend systems unless you understand how they are attacked.

Matt Blaze
@mattblaze@federate.social

So while openly publishing offensive security techniques might indeed help criminals, that harm is outweighed by significant benefits. Every properly trained computer science student should understand how to exploit vulnerabilities. Because the attackers DEFINITELY understand it.


Matt Blaze
@mattblaze@federate.social

The bottom line here is that while being the subject of attack by a deranged internet mob is never fun, sometimes it's the cost of doing business for doing interesting work.

And for those who yell at me for posting black and white photos or not putting content warnings on discussions of current events or not using enough hashtags or whatever, don't bother. I've stared down angry locksmiths and come out the other side.

Matt Blaze
@mattblaze@federate.social

I've gotten a few replies asking me if I regret publishing this or would do anything differently.

No. I'm proud of this work. I think it has value. I would do nothing differently. I am, evidently, remorseless and incorrigible.

rag. Gustavino Bevilacqua
@GustavinoBevilacqua@mastodon.cisti.org

@mattblaze@federate.social

The issue is not "How can I protect my 42 Rolexes from thieves?" but "Why must a thief pick my 42 Rolexes?", which leads one to ask "Who taught this person that having 42 Rolexes is good?", i.e. "Who invented the competition based on the possession of things?".