Anti-Sec, an ominous sounding hacker group, has pulled another attention-grabbing stunt. In last week's hack of US image host ImageShack, the group dismissed the policy of full-disclosure of vulnerabilities, an essential piece of policy in the eyes of many security specialists, as playing into the hands of the security industry. The group believes that the security industry uses full disclosure and the publication of exploits only as "scare-tactics to convince people into buying their firewalls, anti-virus software and auditing services."

Anti-Sec has been attracting attention over the last several weeks using website hacks. They redirected all images on ImageShack to their pamphlet. The group has openly attacked security-related websites such as astalavista.com, accusing the individuals running the site of charlatanism. The hacks have also led to rumours that the group is in possession of a zero day exploit for OpenSSH.

In their 'manifesto' published as an image on ImageShack, they claim that full-disclosure helps only script kiddies who use the exploits to raid vulnerable servers. "If whitehats were truly about security this stuff would not be published, not even exploits with silly edits to make them slightly unusable," (at least for script kiddies) "As an added bonus, if publication wasn't enough, these exploits are mirrored and distributed widely across the Internet."