funsec mailing list archives
Re: Congressman Ed Markey Wants Security Researcher Arrested
From: Kevin Johnson <kjohnson () secureideas net>
Date: Sat, 28 Oct 2006 09:29:40 -0400
On Oct 27, 2006, at 11:24 PM, Nick FitzGerald wrote:
Larry Seltzer wrote:
I know this makes me a fascist around here but this bothers me a lot. He's facilitating fraud, and the fact that he himself says they're not good enough to get you on a plane makes me doubt the value of his research. Suppose he was making software to print $100 bills. Is that OK because it shows weaknesses in the currency? And if he or anyone else uses these they definitely should be busted.
Then I guess we need more fascists. ; )
I think you've missed the point...
I don't think Larry did. I think his comment was toward the act not the system.
_If_ these forgeries are good enough to get through initial (usually just the briefest of eye-balling and often kerbside) screening _AND_ that opens the whole system up to some much bigger threat _THEN_ the whole system is totally borked from tip to toe. snip
In no way does this contradict what Larry said. I think it may be a little extreme saying it is totally borked, but forgeries are an issue that all systems need to take into account. If the system doesn't, then that needs to be fixed.
_IF_ the current system cannot filter out those carrying fake boarding passes, _THEN_ the current system _IS BROKEN_. snip
Again, I don't think Larry or myself disagree with this.
Yes, what he's doing is technically fraud, but to even suggest it begins to equate with forging $100 bills is reactionary nonsense.
Actually I think the two are very similar. Fraud is fraud. Saying something is technically fraud is the same as saying your girlfriend is slightly pregnant. It either is or it isn't. I personally have no problem with someone generating a single fake ticket that was only there to show that a fake was possible. Mark it as fake and make your point. But putting up a site that generates the tickets is too far. I think that we as an industry allow people way too much leeway when they assign themselves the title security researcher.
Thanks
Kevin
---------------------
GCIA, GCIH
BASE Project Lead
http://base.secureideas.net
The next step in IDS analysis!