For people who follow the McGrewSecurity.com blog by Wesley McGrew, you are no doubt familiar with an “internet user” by the name of Yousif Yalda. For a little background, take a read on Wesley’s post on some of the “business tactics” of Yousif.
Seeing as how this is the internet, and we’re all entitled to our opinion, I posted my own opinion as a comment on the blog, what follows is an AIM coversation with Yousif about my comment. Entirely uncut and unedited (I replaced foul language with “****”). I think the security community should know. Without further ado:
11:32:02 PM Yousif: .
8:59:51 AM Lee: ?
11:20:17 AM Lee: You IM’d me?
11:20:25 AM Yousif: Yup
11:20:40 AM Yousif: So why exactly did you say what you said on Wesley’s post about me?
11:21:00 AM Lee: Because I had seen some of the posts you had posted in the mailinglists that I read
11:21:09 AM Yousif: Right..
11:21:15 AM Yousif: Go ahead and support yourself.
11:21:24 AM Yousif: I want to know what’s so noobish about my posts.
11:21:47 AM Lee: I didn’t say that they were “noobish”
11:22:21 AM Yousif: You said I needed attention?
11:22:22 AM Yousif: How so?
11:22:47 AM Yousif: I merely asked for views and opinions to be expressed amongst what I had linked.
11:22:48 AM Lee: your mailing list post seemed more like shameless self-promotion
11:23:07 AM Yousif: No, you’ve just got the wrong idea.
11:23:24 AM Yousif: Btw, if you didn’t, I’m only 17 and I’m managing x1000 more than you ever can.
11:23:35 AM Yousif: So you need to learn to shut your mouth and think about what you say next time.
11:23:43 AM Lee: you have no idea how much I manage..?
11:23:53 AM Yousif: It’s been barely an entire year for me in web application security..
11:23:59 AM Yousif: All I’ve been doing is trying to learn and contribute.
11:24:12 AM Yousif: Dude, I’m a nice ***ing guy and I work hard, Wesley is an idiot.
11:24:29 AM Yousif: We were cool to a point until he got upset because I stopped talking to him.
11:24:37 AM Yousif: The information he provided is false and was photoshopped..
11:24:39 AM Lee: Wesley isn’t an idiot, I hardly believe that’s true
11:25:06 AM Yousif: Those screenshots; only one is true, the FTP screenshot because I sent him that when we were discussing how to implement SSL in a specific manner.
11:25:11 AM Yousif: The rest is garbage.
11:25:43 AM Lee: Why should you care what he posts then? Why not just ignore it?
11:25:58 AM Yousif: Don’t act stupid. You want me to drop YOUR docs?
11:25:59 AM Yousif: Do you?
11:26:09 AM Yousif: You want to appear as a top-page result in Google?
11:26:10 AM Lee: “drop my docs”?
11:26:12 AM Yousif: I don’t think so.
11:26:16 AM Yousif: Aww how cute.
11:26:20 AM Yousif: You don’t know what that maens.
11:26:21 AM Yousif: means*
11:26:23 AM Yousif: Exactly.
11:26:27 AM Yousif: Your pure Whitehat.
11:26:33 AM Yousif: You don’t even know basic terms of a black hat hacker..
11:26:34 AM Lee: Pardon me for not being familiar with your slang
11:26:40 AM Yousif: I was one, and I’m trying to be clean.
11:26:50 AM Yousif: It means I’ll post information about you.
11:26:53 AM Yousif: Negative information
11:27:05 AM Yousif: Where you live, number, and a lot of stuff that isn’t public.
11:27:08 AM Lee: so, is that supposed to scare me?
11:27:16 AM Yousif: That’s a question only.
11:27:16 AM Lee: where I live and my number is public anyhow
11:27:26 AM Lee: knock yourself out
11:27:34 AM Yousif: Oh, how cool would it be for me to automate something to call you every couple of seconds?
11:27:39 AM Yousif: Hmm, that sounds peaceful..
11:27:42 AM Yousif: Be realistic here.
11:27:51 AM Yousif: No one wants that type of information out like that especially as such a post.
11:28:03 AM Yousif: Ignoring it doesn’t make it go away.
11:28:19 AM Yousif: It simply ruins my reputation, and I’ve done nothing to have that going for me.
11:28:42 AM Yousif: It also doesn’t help when you don’t have a factual clue about me and you go and post that comment
11:28:49 AM Lee: my personal information is widely available on the internet, I don’t think a post by you is really going to change that
11:29:07 AM Yousif: Do you know what happens after you drop someone’s dox?
11:29:12 AM Yousif: Dude, it goes into EFFECT.
11:29:25 AM Yousif: You’ve got a number, well I’ll threaten you, that’s how the game is played.
11:29:34 AM Yousif: You’ve got an address, I’ll come over and stab you.
11:29:36 AM Yousif: It’s common ****.
11:29:55 AM Lee: are you aware that this is a record of threat, and that it can be used as legal evidence of that fact?
11:30:17 AM Yousif: Not really, genius.
11:30:24 AM Yousif: I showed you that it was an example of what that term meant.
11:30:27 AM Yousif: I can do the same as he had done but instead provide valid information supporting my post, but I’d rather not because I’m not here to dual with anyone.
11:30:52 AM Lee: if you’re not here to “dual” with anyone, why the defensive and attacking attitude?
11:31:18 AM Yousif: You posted a negative remark about me, how can I be cool with that; especially when it’s not true.
11:31:50 AM Yousif: Attend a conference and talk to me once, we’ll see who’s “attention-needy”.
11:31:57 AM Lee: it’s a blog, it’s my opinion, it’s the internet, opinions should be respected
11:32:28 AM Lee: if you don’t agree, ignore it
11:32:45 AM Yousif: Again, it’s not something that can be ignored..
11:32:47 AM Yousif: You know that.
11:33:10 AM Lee: I believe it’s quite ignorable
11:33:36 AM Yousif: It’s like saying “I’ll drop your docs and mass spam it across a HUGE text file with emails so everyone can see this”.
11:34:28 AM Lee: and like I was saying, personal information for me is already easily accessible on the internet
11:35:28 AM Lee: from what I can tell, it looks like similar people have the same opinion as me, why not go bother them?
11:35:58 AM Yousif: I’m not bothering you, I’m making you feel very stupid for what you had to say.
11:36:16 AM Yousif: You also can’t understand what dropping your docs mean after I told you what it is, along with examples.
11:36:20 AM Lee: I’m not feeling stupid
11:36:49 AM Yousif: Yes, you are. You respond back with remarks that make no sense, but instead go in a cycle of bull****.
11:37:11 AM Lee: alright, what remarks need clarification then?
11:37:22 AM Yousif: Yes, genius your information is public, but there are private information I can get against you, post it and tell people to harass and threaten you a million times.. Now do you understand?
11:37:42 AM Yousif: You keep thinking that your information will be there for eyes to read.. instead it’ll be used.
11:37:51 AM Lee: what makes you think people will want to threaten and harass me?
11:37:53 AM Yousif: But that’s just an example to clarify your misconception.
11:38:06 AM Yousif: It’s a game, it’s how it’s played.
11:38:08 AM Yousif: Google it.
11:38:47 AM Lee: frankly, I don’t care what you and your buddies are up to with my information
11:39:00 AM Yousif: Anyways, I’m done with you. I was trying to implement some facts to make you more open-minded but I see that your just as wrong as he is, so do what you want, I’ll be seeing you soon.
11:39:40 AM Lee: toodles
Changed status to Idle (11:58:12 AM)
Did I handle that perfectly? Probably not, but that’s the internet. If you’re easily offended by other’s opinions, leave.
I welcome comments
Wesley McGrew wrote:
I really liked the part where he said he’d stab you. Stabbing’s such a personal and angry way of attacking someone.
As far as dropping docs is concerned, I think he must have found something from the mid-nineties about it from textfiles.com’s old bbs archives.
Link | March 28th, 2008 at 11:21 am
Anonymous wrote:
“Dropping docs”, which is more commonly referred to as “dropping dox” is not a Black Hat term. Yousif is an a*****e however, does not realize this, and goes by what he reads off of others’ conversations. Should Yousif decide to go this route we (a number of us) will have no problem dealing with him in a similar manner. We’ve held off thus far seeing as how he doesn’t seem to fully understand the ramifications of his past (and by past we mean recent) actions.
Plain and simple he has no idea what he’s talking about, no skills, and is noone to be feared, or even bothered with. All he knows is what he finds others talking about. Acunetix won’t do the job forever, d******d.
Link | March 28th, 2008 at 1:10 pm
enhanced wrote:
It’s difficult to type when laughing so hard that my sides hurt… but I’ll suffer through it.
Not sure… but I think his “stabbing” might be of a less than heterosexual nature… That being said, I already don’t like the guy… perhaps someone needs to piss in his wheaties… oh, wait… he doesn’t seem to eat wheaties? Well, I am sure that we can come up with “alternate” means of dealing with the dolt!
Eat more SeaFaawkinghell
~enhanced
Link | March 28th, 2008 at 7:20 pm
Parker wrote:
Good lord. What a douche.
Link | March 31st, 2008 at 10:17 am
Paul wrote:
You were right, that was pretty funny
Link | April 3rd, 2008 at 7:00 pm
JaBbA wrote:
Have you looked at his “company”’s website? You’d think he’d try using a spell checker at least there!
Millions of credit cards are stoled yearly. Perhaps you’re a victim of a vulnerabile website that stores and processes credit cards, but doesn’t bother to secure their system. For the average user, this is a problem. For a company, this is a nightmare. What if your company’s private information is stolen and leaked out to the public for malicious intent? Can your company afford the downtime?
Oh. My. God. I can’t stop laughing…..
Link | May 23rd, 2008 at 10:32 am
McGrew Security Blog » Blog Archive » Yousif Yalda Part 2: Script Kiddies in the Mist wrote:
[…] not make it. I am, however, sort of disappointed that I don’t warrant being stabbed, like Yousif has threatened to do to Lee Hinman over at the excellent writequit.org blog. He is, however, willing to pay for someone to else to […]
Link | September 1st, 2008 at 12:46 pm
EvilNightHacker wrote:
This guy appears to be just a garden-variety troll. Probably the worst thing we can do is to keep talking about him like this. As long as he continues receiving all this attention–negative though it may be–he’s going to keep harassing this community.
Link | September 10th, 2008 at 1:26 am
Lee wrote:
@EvilNightHacker, personally, I haven’t done anything other than comment on a blog post to incite this kind of trolling from Yousif. I do, however, think it is important that he receives some amount of attention, so that potential customers may think twice before hiring someone with questionably legal business practices and activities, as Yousif has demonstrated in the past.
On this blog, I notice searches for “Yousif Yalda” at least once a day; future customer of his? Egotistical googling? Who knows, but I like to think that someone out there will gain from seeing how Yousif handles “situations”.
Link | September 10th, 2008 at 7:59 am
EvilNightHacker wrote:
Yeah, I realize that.
There seems to be a public suspicion regarding any security-related industry, that if you’re hiring knowledgeable people familiar with common criminal behavior, there’s a strong possibility they may be engaging in that kind of behavior themselves. It’s like the “bad cop” complex, or the security guard who steals merchandise out of the warehouse he’s being paid to protect. People like this Yousef character are extremely counterproductive in dispelling such notions, so I do appreciate the need for exposing such crooks/charlatans in the industry wherever you find them.
Link | September 10th, 2008 at 2:20 pm
Reid wrote:
This post is what made me subscribe to your RSS feed. I don’t know you, or this Yousif, but that was hilarious.
Link | October 14th, 2008 at 12:11 am
headyahoopet wrote:
night key yahoo australia student greed red student are
Link | October 15th, 2008 at 5:58 pm
Rishabh Dangwal wrote:
Blackhat background ? that guy doesn’t even have an idea of what he is saying, I guess he is just threatening with his self imagined skills..what a loser..
Link | May 16th, 2010 at 8:48 am
watchville wrote:
definitely…what a loser…
Link | December 16th, 2010 at 5:00 pm
Tech n Stuff wrote:
right! he should’ve not said anything for good!
Link | August 19th, 2011 at 1:46 am