Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Extreme Hacking

From: Bennett Todd <bet () newritz mordor net>
Date: Fri, 9 Jul 1999 00:26:58 +0000
1999-07-05-20:26:55 Marcus J. Ranum:

Hacking isn't a technological problem, it's a social problem.
As such, it's not going to be "solved" by technological means,
but rather by social means.


I dunno, much as I hate to step up and disagree with you of all people, I
can't quite sit still for that.

I believe "hacking" (in the sense it's being used here, as in burgling) is a
symptom of a technological problem. Substantial and sophisticated systems,
offering rich and diverse services, _can_ be designed and assembled with no
exploitable security problems; a certain amount of conservative caution is
needed, and in maintenance you have to keep an eye out for new discoveries,
but if more people designed systems with security as a primary requirement,
there'd be negligble activity among the computer burglars --- going around
twisting doorknobs gets boring if none of 'em ever turn.

The cool thing is that making security a driving requirement pushes you
towards simpler designs, based on stable and well-designed building blocks,
and these in turn tend to be reliable, and often very fast; there are rewards
all over for doing things right from the beginning.

Admittedly it can be nearly impossible to retrofit security onto a
sufficiently-screwed-up, sufficiently-large system --- but such a screwup is
where you can routinely demonstrate terrific benefits from a cold redesign and
reimplementation.

-Bennett
Previous By Date Next
Previous By Thread Next

Current thread: