Dailydave mailing list archives
Life, the Universe, and Everything (was: Exactly 500 word essay on "Why hacking is cool, so that Marcus changes his web site")
From: "I)ruid" <druid () caughq org>
Date: Fri, 23 Sep 2005 01:31:14 -0500
Responding to two separate messages:

On Wed, 2005-09-21 at 14:21 -0400, Marcus J. Ranum wrote:
> > Like I said, without hacking more people would completely trust these systems
>
> Fool. Without hacking THERE WOULD BE NO PROBLEM WITH THE SYSTEMS AT ALL.
...
> I believe that users become vulnerable through a combination of events:
> - choice of what code the user will be running
> - pre-existence of a flaw in the code
> - discovery of the flaw
> - exploitation of the flaw
> All four of these things must happen (in approximately that order) for a user to become vulnerable. If any single one of those four does not happen, the user is not vulnerable to a particular flaw.
I get the impression that you believe that if you are unaware of something, it doesn't exist.

In the first message above, you suppose that if there are no hackers exploiting vulnerabilities on a system that the vulnerabilities do not exist (paraphrasing, please correct if I didn't get the gist of it). I suggest that they do exist, they are just not utilized. That is still a problem, because if they exist they will eventually be utilized, even if they aren't right now. When was the last time a race with inherent exploratory spirit like humans not utilized something that they had discovered existed? As Dave suggested in his essay, hacking is truly an extension of the human spirit.

In your second message, you follow the same theme and state that a user is not vulnerable until the flaw is actually exploited (i.e. the vulnerability is utilized). I disagree, they were vulnerable at step two, the instant the flaw came into existence, the vulnerability just did not impact the user until step four. Step two in your list provides a place for the list to fork with multiple discoverers and even more exploiters (assuming there's a step 3.5 of disclosure to one or more 3rd parties). Steps >=3 cannot exist unless the user is vulnerable at step two. This of course assumes we are only discussing exploitable flaws.

In conclusion, I ask you this; If a tree falls in the woods, and no one is around to hear, does it make a sound? I'd guess that you'd say no, it doesn't because there are no ears on which the sound could fall. Or maybe you were around and closed your eyes and covered your ears. But of course it does. It always makes a sound. Even if you try not to see or hear it and it lands square on your head. Unless it falls in the vacuum of space, but then, is it really falling at all? Or floating? Or does floating imply that there are air molecules within which to float?

But I digress, it's late here. But if I don't look at the clock, is it really late?

I guess it's always late somewhere...

--
I)ruid, C²ISSP
druid () caughq org
http://druid.caughq.org