Bugtraq mailing list archives
Re: Vulnerabilites in new laws on computer hacking
From: Sysmin Sys73m47ic <sysmin.systematic () gmail com>
Date: Thu, 16 Feb 2006 12:19:11 -0500
"Advanced societies" are updating computer crime laws faster than the rest of the world. This means that new generations of these more "advanced societies" will have no clue about how remote computer attacks are carried out. Future generations of security "experts" will be among the most ignorant in the history of computer security.
Self Destruction, Very well put. You really hit the nail on the head, which means you are probably going to get a ton of flack. Many will not understand where you are coming from with this post, hence the post from Paul. I understand exactly, there are a lot of people calling themselves penetration testers and selling their services to companies and they really do not have clue what is going on. They hand their customer a Nessus scan and wash their hands. I have to deal with them quite often and truthfully it makes me sick. Now, I am not advocating breaking in to other people's systems, but as the paranoia about breaking in to systems increases there seems to be a buffer zone that will increase and engulf a the gray area surrounding systems (ie Wardriving, teaching, etc.). So, although I agree with you I don't really have a solution to the problem either. To say that Intent should be taken in to account on computer crimes would lend tons of ammunition for a defense attorney for every computer crime case. You would think by now, we as humans would let some common sense in to our thick skulls, but that is not the case. Enacting harsher punishments for laws does not stop criminals from committing crimes. Criminals commit crimes irregardless of laws and harshness of punishment, HELLO... They don't think they will get caught. Any analysis of 10-20-Life laws or Three Strikes laws will tell you that. Gun control is another issue I can't get over, the bad guys still had the guns. All gun control does is stop law abiding citizens from owning them. Anyone who says otherwise is kidding themselves. Most of the fraud, scams, and misc computer crimes are not happening in the countries enacting these laws anyway.
That's silly. Researchers know full well how to do this without ever breaking any laws. In fact, most of the best researchers who are finding the bugs and weaknesses in systems never breakin to any system not owned by them.
Paul, this isn't necessarily true. Right or wrong, many people cut their teeth messing with other people's systems.
New generations of teenagers will be scared of doing online exploration. I'm not talking about damaging other companies' computer systems. I'm talking about accessing them illegally *without* revealing private information to the public or harming any data that has been accessed. To me, there is a big difference between these two types of attacks but I don't think that judges feel the same way. Furthermore, I don't even think that judges understand the difference.To me there is not. They're my systems. Stay out, thank you very much. If you want to learn how to hack, set up your own network, install some OSes, with various patch levels, and hack away. You can learn everything you need to know without ever touching a system you do not own. Get your buddies involved. Hack each other's boxes. But do not hack into systems that do not belong to you. That *should* be illegal and you *should* be prosecuted.
And you're wrong. I don't have to hack into someone else's equipment to know how to hack into things.
Just to play devil's advocate here, perhaps you have $100,000 for a real lab. There is only so much simulation that can be done in a lab. Truly learning how to do many of these things takes years and more than just a test windows box. As I said, just devil's advocate. I am not saying to go nuts and break in to everyone's system. The answer you gave is not a feasible one for a 16 year old kid. I think a better answer would have been, create better programs in schools that actually have the money for such a lab. Now going back to Self Destruction's point, harsher laws may make it illegal to teach such skills in school, this would only serve to support his point even more.
Do locksmiths break in to random houses to learn their craft?
You can't compare the complexity dynamic nature of today's modern computing environments with that of a locksmith.
I know what you're thinking. You can learn about security attacks by setting up you're own controlled environment and attacking it yourself. Well, what I say is that this approach *does* certainly make you a better attacker, but nothing can be compared to attacking systems in real world scenarios.
Right on. 100 percent correct. There is no substitute for real world experience in penetration testing. No training course or certification test can make up for that. -- Sysmin Sys73m47ic
Current thread:
- Vulnerabilites in new laws on computer hacking self-destruction (Feb 15)
- Re: Vulnerabilites in new laws on computer hacking Paul Schmehl (Feb 16)
- Re: Vulnerabilites in new laws on computer hacking Max Ashton (Feb 18)
- Re: Vulnerabilites in new laws on computer hacking Sysmin Sys73m47ic (Feb 18)
- Re: Vulnerabilites in new laws on computer hacking Ansgar -59cobalt- Wiechers (Feb 18)
- Re: Vulnerabilites in new laws on computer hacking Radoslav Dejanović (Feb 21)
- Re: Vulnerabilites in new laws on computer hacking Crispin Cowan (Feb 21)
- Re: Vulnerabilites in new laws on computer hacking Casper . Dik (Feb 24)
- Re: Vulnerabilites in new laws on computer hacking Ansgar -59cobalt- Wiechers (Feb 24)
- Message not available
- Re: Vulnerabilites in new laws on computer hacking Ansgar -59cobalt- Wiechers (Feb 21)
- Re: Vulnerabilites in new laws on computer hacking Paul Schmehl (Feb 16)
- Re: Vulnerabilites in new laws on computer hacking ArkanoiD (Feb 21)