Re: Extreme Hacking

["Marcus J. Ranum" <mjr () nfr net>]

Aleph One wrote:
> > lots of money because they have hacking backgrounds. The only
> > way I can think of to make hacking unattractive is to make it
> > really really expensive when you get caught.
>
> Somewhat like guns heh? [ Ducks ]

Yeah.:)

I think it'd be morally reprehensible to hold clinics
in "how to stick up a 7-11" or "drive-by-shootings for
beginners."

I'm sure most of the folks who went to "extreme hacking"
were electronic 7-11 owners interested in polishing their
techniques. But is that what we want to teach people?

There is some kind of responsibility that goes with having or
distributing powerful and dangerous tools. Some people - the
majority, as with guns - can handle that responsibility, and
you never hear about them and never have trouble from them.
There are always a minority who cause a problem. Stepping on
them, without trampling the rights of the others is a real
trick.:(  A lot of security experts believe in releasing tools
that "illustrate the deficiency" of some systems by allowing
an attacker to exploit them. This, clearly, encourages the
vendor to fix the problem more quickly than if there were
no bullets flying around their ears. I'm not sure I believe
it's a good thing to release such tools, any more than it is
to give loaded firearms to untrained, irresponsible, anonymous
children.

Back to the "you can't solve social problems with software"
issue - one of the _big_ social problems of the Internet is
the ease with which you can be anonymous. That's also one of
its great features. There are folks out there who abuse
that feature so badly they ruin it for the rest of us. I don't
think we should do anything that even _resembles_ condoning
or encouraging it.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr