Hackers call for info anarchy

Weeks after Microsoft slammed full disclosure of vulnerabilities in the security industry, a hacker group has issued a call to arms to spread the very same 'information anarchy' the Redmond Giant damned.

In a posting to numerous high profile security mailing lists including VulnDev, hacker group Nomad Mobile Research Centre (NMRC) called for the hacker community to "demonstrate to Microsoft and the world what true Information Anarchy is."

The phrase was coined by Scott Culp, manager of the Microsoft Security Response Centre, last month, when he attacked full disclosure for 'arming cyber criminals' and helping attackers to devastate networks.

In response, NMRC has proposed "that everyone who is involved in security research and supports full disclosure, steps up research efforts and releases those issues that they have been sitting on."

The group is encouraging hackers and security experts to "flood the security department of every vendor with new issues. Let's show the world what they would miss and what information could just as easily have stayed in the underground rather than be posted to Bugtraq or Vulnwatch," it said.

Culp got a number of backs up in hacker and security communities when he issued his statement, effectively proposing a block on full disclosure. Microsoft is also set to put forward its proposal in conjunction with the Internet Engineering Task Force as a Request For Comments (RFC).

An NMRC member, going by the handle HellNbak said rumours abound "that Microsoft has been contacting the management of various research groups to discuss with them their disclosure policies and how to fall into the new Microsoft line of thinking."

Wishing to remain anonymous to protect his identity as a bona-fide security consultant, he added, "make no mistake about it - full disclosure is in clear and present danger of being stomped out by vendors like Microsoft."

"Unfortunately, it seems the only message that the software vendors learned was that security issues are expensive. And while money should be spent convincing the public that the vendors care about security issues, the full disclosure community needs to be crushed so that things can go back to business as usual," he said.

HellNbak?s sentiments echo those of many in the security industry who say that attempts to quash full disclosure will simply force it underground, whilst giving the vendors free reign to ignore security holes.

NMRC has given the movement a name - Information Anarchy 2K01.

"We have had the lame, media-created defacement wars between script kiddies - now it is time to wage a true war that will demonstrate our skills, and more importantly, demonstrate to the vendors, the corporations, and the world, what they are forcing into the underground," the group said.