Bugtraq mailing list archives
Re: Various resources
From: c617666 () everest cclabs missouri edu (Paul Walmsley)
Date: Sun, 9 Oct 1994 00:30:39 +36000
On Sat, 8 Oct 1994, Mark wrote:
One example that comes to mind is someone who wanted to get rich quick in the cracking tools sense and he expected to just turn up and have it all given to him. It didnt happen of course as he was an unknown and had to basically do the social interaction to prove his character before he was to have any trust emplaced in him. But, as you might expect he didnt want
I'm not sure that I completely believe this model. Some "trashers" have all the scripts, and don't hesitate to use them. Plus, it's becoming progressively easier for unknowns to get their hands on high-powered tools. I don't think that this is necessarily a Bad Thing, or otherwise I wouldn't support full disclosure. The Bad Thing is that one has no idea how "socially responsible" an unknown is. If your network is completely populated with users who wander around from system to system doing Good Things, like fixing problems -- or just generally being "socially responsible," then there really is no need for security. Very utopian, unfortunately. rms used to have an unpassworded account on the GNU project machines; if memory served, he had to add a password due to the crap that "non-socially responsible" people would perpetrate under his ID. The aware sysadmin ends up with the compromise of having to spend a considerable amount of time on security in the hopes that whoever is sophisticated enough to break in will also be sophisticated enough to be a hacker in the more traditional sense of the term. (This discussion is kind of off-topic for Bugtraq - E-mail is probably best for continuing this one. Maybe a comp.security.philosophy :) )
Cheers, Mark
- Paul "Shag" Walmsley <ccshag () everest cclabs missouri edu> "I am learning and evolving."
Current thread:
- Re: Various resources Mark (Oct 08)
- Re: Various resources Paul Walmsley (Sep 23)