Firewall Wizards mailing list archives
Re: Extreme Hacking
From: Brad J Passwaters <bjp () eng us uu net>
Date: Thu, 8 Jul 1999 23:38:02 -0400 (EDT)
On Wed, 7 Jul 1999, Darren Reed wrote:
Knowing the potential vulnerabilities of a system is the first step towards making it secure. It's even better if you can get ahead of the curve and discover new methods of breaking into a system that aren't yet public knowledge -- your systems will be that much more secure. Who better to secure a system against crackers than a cracker, provided you trust them?
Knowing how to break into a system does not provide knowledge in making it secure. Whilst there is definitely some feedback between the two, one does not imply the other. For example, how does knowing to run program B with host X as the target, resulting in shell access, help me in securing it? Disabling and removing whatever is responsible for allowing program B to work is not an acceptable answer.
Knowing that running program A will get you a root shell does not help you secure your system. Understanding that service FOO is vulnerable to a buffer-overflow due to a poor choice of system calls is quite useful. I would hope that a security class would teach more than how to be a script kiddie. It should be noted that the price for the class does set a bar to entry that should eliminate most cracker-wannabes.
Am I the only person who has a problem with the idea of someone teaching hacking techniques? Sometimes I think I am.
See above. It's one thing to teach someone how to secure a system, but if they don't know *why* what they're doing will secure it or further be able to notice other vulnerabilities in the system that weren't pointed out to them then at best they will be a second-rate security expert.
But E&Y aren't teaching you how to secure a system, they're teaching you how to commit a crime, unless breaking into systems isn't a crime where they're taking those classes.
They are not teaching you how to commit a crime. I can break into systems all day as long as I 1) have permission or 2) own the system. Most knowledge can be used to commit a crime. High speed precision driving could be used to break traffic laws. Any training with firearms could be used to kill or injure. Books and information on lockpicking should certainly be outlawed.
[...]
I also don't mean to glamorize crackers (hackers are people that write code, why is the terminology so often messed-up?) but in all honesty the vast majority of them aren't motivated by maliciousness so much as a desire to see if it can be done.
You mean the same sort of delinquent attitude that leads them to `tagging' public transport and `decorating' otherwise flat, empty concrete walls? What about shoplifting? Maybe I should get curious about murdering someone, try it out, just to see if I can get away with it. A crime is a crime, no matter which way you try to look at it and teaching people the skills should also be frowned upon. In something that recent legislation here in Australia brought up, it's against the law to publish a book which is instructional on committing a crime. The Internet has changed all that with instructional pages on just about everything under the sun available. I don't know if it's the same elsewhere with books, but condoning the dissemination of knowledge about how to break the law seems somehow flawed.
A crime is a crime and people should be punished if they commit them. However, information that MIGHT be used for a criminal purpose should not be restricted. If you want to debate Australia's attempt to regulate information, that's another conversation entirely. Suffice it to say I don't believe the US should try to enforce their laws in other countries and I certainly see no reason to obey Australia's laws in the US.
bjp () va pubnix com | Disclaimer: Can you be sure I
Complete stranger | even exist: Let alone represent
Brad Passwaters | anyone or anything.
-------------------------------------------------------------------------------
"The sooner you fall behind, the more time you will have to catch up"