Vulnerability Development mailing list archives
Re: Cons and Security Validation
From: "Robert G. Ferrell" <root () rgfsparc cr usgs gov>
Date: Wed, 7 Feb 2001 11:45:45 -0600
We'd love to hear suggestions from the communit, especially this community. BB's suggestion of hack.immunix.com is a good one, but I'm not sure how much it differs from the usual hack-me contest. How do other people feel about that?
I expect if you just announce to the planet that this is an "unhackable" box, you'll get all the action you can handle. Formal hacking contests largely attract kids with ego problems, or those who simply want the reward. Serious crackers avoid them like the plague, for the most part. An implicit challenge like a self-proclaimed perfectly secure system will attract a somewhat more sophisticated breed of assailant, IMO. Regardless of the circumstances, all that you can logically derive from the outcome is that your system is or is not secure against a certain finite set of attacks carried out using a particular finite set of methodologies. You can't logically claim to be secure from attacks that didn't happen. Cheers, RGF Robert G. Ferrell, CISSP ======================================== Who goeth without humor goeth unarmed. ========================================
Current thread:
- Re: Cons and Security Validation, (continued)
- Re: Cons and Security Validation H D Moore (Feb 08)
- Re: Cons and Security Validation Crispin Cowan (Feb 10)
- Re: Cons and Security Validation Crispin Cowan (Feb 07)
- Re: Cons and Security Validation Robert A. Seace (Feb 07)
- Re: Cons and Security Validation Blue Boar (Feb 08)
- Re: Cons and Security Validation Michel Kaempf (Feb 08)
- Re: Cons and Security Validation Blue Boar (Feb 08)
- Re: Cons and Security Validation Pavel Kankovsky (Feb 13)
- Re: Cons and Security Validation Jose Nazario (Feb 11)
- Re: Cons and Security Validation Glen Messenger (Feb 07)
- Re: Cons and Security Validation Robert G. Ferrell (Feb 07)
- Re: Cons and Security Validation Rowe, Michael CONT (Feb 07)
- Re: Cons and Security Validation Robert A. Seace (Feb 07)