Full Disclosure mailing list archives
Re: Please post to the list
From: Alexander Bartolich <alexander.bartolich () gmx at>
Date: Sat, 23 Nov 2002 02:52:28 +0100
Schmehl, Paul L wrote:
> [...] So why should I, as a guy who is concerned about the
> security of my network, care what blackhats have to say?
> Why should I support anything the blackhats are trying
> to convince me I should support?

"You cannot have a science without measurement."
-- R. W. Hamming

Examiners who carefully avoid all areas where you might have trouble are a waste of time. Military maneuvers without someone playing the enemy are not fun. And crash tests with cars, trucks, trains and planes are fairly standard.

Of course software is not strictly comparable. It is more like bananas, inedible on delivery, ripens on site. There is no liability, no class-action suits, not even applied anti-trust law. But then software development is dirt cheap, provided you already have the knowledge and do it in your spare time.

Since vendors get away with shipping buggy software they are effectively out-sourcing debugging to their customers. Or whoever gives their stuff a try.

Is it ethical to actively search for bugs? I think so. Is it ethical to misuse these bugs, i.e. not stop after a core dump but to go the extra mile to a working exploit? I'd say that depends on whom you consider your enemy.

The individuals who speak up on Usenet, mailing lists and weblogs might do it for a lot of reasons; fame, vandalism, revenge or just from nine to five. But I doubt that members of organized crime, secret services or anarchist groups will ever announce their 'achievements' that openly.

A freak sneaking into corporate headquarters and managing all the way to the penthouse is a nuisance. Doubly so if he takes the liberty to shit on the desk of the CEO. Quadruple if he takes pictures of the result and publishes them.

But this is _nothing_ compared to the damage a dedicated professional can do. Apart from espionage and electronic fraud, what about using your account to send hate mail or other anti-reputation material? Upload illegal content and tip off the cops? How much 'mobbing' does it take to ruin a career?

Getting angry at script kiddies and the like is to confuse symptoms with the cause.

--
post tenebras lux. post fenestras tux.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html