Firewall Wizards mailing list archives
Re: Extreme Hacking
From: dreamwvr <dreamwvr () dreamwvr com>
Date: Fri, 09 Jul 1999 10:33:17 -0600
hi all,
Knowing the potential vulnerabilities of a system is the first step towards making it secure. It's even better if you can get ahead of the curve and discover new methods of breaking into a system that aren't yet public knowledge -- your systems will be that much more secure. Who better to secure a system against crackers than a cracker, provided you trust them?
i would have to agree here that is why apparently janet reno hired some to test some .gov networks fairly recently. you need IMHO a person that thinks like a hacker to protect your networks. This is something i was accused of when going to school many years ago:-{ The mentality of many system admins is that if you think like a hacker you are a hacker. To many this is downright wrong and will dissuade many that could otherwise contribute to refrain simply from past experience. having said that the mindset of many administrators must change if there is even the foggiest hope of 'some more' security than exists today. How many times have you had the individual who can piss the farthest get more in the way of your mission than assist simply due to no understanding in this arena. With the result that we are all lesser for it:-(
Knowing how to break into a system does not provide knowledge in making it secure. Whilst there is definitely some feedback between the two, one does not imply the other. For example, how does knowing to run program B with host X as the target, resulting in shell access help me in securing it? Disabling and removing whatever is responsible for allowing program B to work is not an acceptable answer.
yes but if you are able to demonstrate or articulate the exploits this will often be enough to get upper management to sign on a project. otherwise it is simply another story that they will balance off according to the tangible effect on their bottom line. let me ask you this? how many of the consultants truly have carte blanche? So as a result we all lose in battening down the hatches;-} i guess what i am saying is hearsay is often taken lightly without tangible proof. Also the decision makers are constantly being bombarded with propaganda from every selling of snake oil to the fountain of youth..:-/
See above. It's one thing to teach someone how to secure a system, but if they don't know *why* what they're doing will secure it or further be able to notice other vulnerabilities in the system that weren't pointed out to them then at best they will be a second-rate security expert.
i would agree here that the need is to understand the "Why 4 HOW COME" most times IMHO if you don't understand the problem you can't really come up with a good solution. probably the best security is the virtual network though which i gather most of us are running 2 at this time;-) so how can we improve by remaining flexible. i do think though that many that take this wallet thinner will be more enlightened as they would not take a course like that unless they were having difficulty in understanding what they were protecting against. E&&Y is simply riding the wave of insecurity that the corporate world is dealing with right now. I am not so sure that if i were a public company i could resist the temptation as well. After all they do have to keep their shareholders happy don't they. What depresses me often times is the impression that if you are the 'Golden Arches' you make a better burger || for that matter know how;-(}
But E&Y aren't teaching you how to secure a system, they're teaching you how to commit a crime, unless breaking into systems isn't a crime where they're taking those classes.
how much can they truly teach in a few day course? how long did it take you to understand the problems with TCP/IP? How long did it take you to understand what is occurring under the surface in UNIX? if you are anything like me it surely wasn't overnight and i am still learning something pretty much everyday. IMHO if you're not you're dead in the water..
I also don't mean to glamorize crackers (hackers are people that write code, why is the terminology so often messed-up?) but in all honesty the vast majority of them aren't motivated by maliciousness so much as a desire to see if it can be done.
again i would agree here there are many... many that are simply interested in how the system gets the work done. inquiring minds want to know. since hollywierd has obfuscated for the masses the original concept of the hacker as opposed to the cracker we are left with an even more confused public. They often think they are the experts since they saw it on 'investigative reports' && i didn't since i was hiding behind one of my cpus at the time;-]
In something that recent legislation here in Australia brought up, it's against the law to publish a book which is instructional on committing a crime. The Internet has changed all that with instructional pages on just about everything under the sun available. I don't know if it's the same elsewhere with books, but condoning the dissemination of knowledge about how to break the law seems somehow flawed.
that is what democracy is about. freedom to choose either wrongly or otherwise. where does it end when we all have an invisible tattoo on our forehead? that is a bit hypocritical as well considering that Australia in recent history used to check the palms and eyes of all immigrants to determine whether they were acceptable. i surely won't go further on that line. then again i saw that one on a recent documentary so maybe that too is a story:-} Somehow i doubt it.. Ever Read Fahrenheit 251? enough said..
Regards,
dreamwvr () dreamwvr com
Reuters, London, February 29, 1998: Scientists have announced discovering a meteorite which will strike the earth in March, 2028. Millions of UNIX coders expressed relief for being spared the UNIX epoch "crisis" of 2038.
DREAMWVR.COM - TOTAL INTERNET SERVICES
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY <http://www.dreamwvr.com/services/MAX_SEC.html>
DREAMWVR.COM - The Console of Many... 24 X 7 Evolution Internet <http://www.dreamwvr.com/dynamicduo.html> <mailto:dreamwvr () dreamwvr com>
Linux-Mandrake Solution Provider and North American Distributor <http://www.dreamwvr.com/mandrake/mandrake-dist.html>
"As Unique as the Company You Keep."
PGP Key Available