Dailydave mailing list archives
Re: Hacking: As American as Apple Cider
From: Isaac Dawson <isaac.dawson () gmail com>
Date: Fri, 9 Sep 2005 18:13:45 -0400

"Think about it for a couple of minutes: teaching yourself a bunch of exploits and how to use them means you're investing your time in learning a bunch of tools and techniques that are going to go stale as soon as everyone has patched that particular hole. It means you've made part of your professional skill-set dependent on "Penetrate and Patch" and you're going to have to be part of the arms-race if you want that skill-set to remain relevant and up-to-date. Wouldn't it be more sensible to learn how to design security systems that are hack-proof than to learn how to identify security systems that are dumb?"

I don't know about the rest of you, but I learned how to find bugs by analyzing other people's exploits in the beginning. Even now I come across a 'new' exploit (I use that term lightly) that teaches me something I definitely didn't know. How would I know how to design a secure system without being able to identify insecure ones? How would I learn how to identify insecure ones if I didn't know how the hell to write bloody exploit code that could take advantage of a flaw? Or use techniques that I learned from other people's exploit code?

I dunno, this guy seems a bit off the wall to me. Making fun of the security industry is both easy and useless.

-isaac

On 9/9/05, Paul Melson <pmelson () gmail com> wrote:
I don't think it's either idiotic or profound, really. The notion that there's no technical advantage to hiring 'n0t0ri0uz hax0rz' and buying exploits seems fairly obvious to me. But it does get you trade press and that gets you money, so lots of netsec product hucksters do it.

What's really happening, though, is corporations are grabbing for the same kind of notoriety that individual hackers sought a decade ago (and still seek today, especially with cushy R&D jobs and book deals at the end of the rainbow). And for what? My security still sucks, their products still suck, and some venture capitalist has a new Porsche. Now THAT'S as American as Apple Pie.

PaulM

-----Original Message-----
Subject: [Dailydave] Hacking: As American as Apple Cider

Everyone's in a tizzy over this Ranum posting where he explains that hacking is not cool. But hacking is clearly cool. So I don't get it. I think if you take a strong enough position in any one direction on hacking you will be both profound and idiotic and I'm not sure where this posting lies.

http://www.ranum.com/security/computer_security/editorials/dumb