Firewall Wizards mailing list archives
Re: Extreme Hacking
From: Darren Reed <darrenr () reed wattle id au>
Date: Wed, 7 Jul 1999 13:24:10 +1000 (EST)
In some email I received from sean.kelly () lanston com, sie wrote:
From: Marcus J. Ranum [mailto:mjr () nfr net] Subject: Re: Extreme Hacking A number of "reputable" security companies develop their own hacking techniques. I'm not sure what the justification is -- other than that it just comes naturally, since they tend to hire "ex-"hackers. It'd be unrealistic to expect those guys to stop thinking in terms of how systems are broken into, and to shift their thought-patterns into thinking about how to keep systems secure.Knowing the potential vulnerabilities of a system is the first step towards making it secure. It's even better if you can get ahead of the curve and discover new methods of breaking into a system that aren't yet public knowledge -- your systems will be that much more secure. Who better to secure a system against crackers than a cracker, provided you trust them?
Knowing how to break into a system does not provide knowledge in making it secure. Whilst there is definately some feedback between the two, one does not imply the other. For example, how does knowing to run program B with host X as the target, resulting in shell access help me in securing it ? Disabling and removing what ever is responsible for allowing program B to work is not an acceptable answer.
Am I the only person who has a problem with the idea of someone teaching hacking techniques? Sometimes I think I am.See above. It's one thing to teach someone how to secure a system, but if they don't know *why* what they're doing will secure it or further be able to notice other vulnerabilities in the system that weren't pointed out to them then at best they will be a second-rate security expert.
But E&Y aren't teaching you how to secure a system, they're teaching you how to commit a crime, unless breaking into systems isn't a crime where they're taking those classes. [...]
I also don't mean to glamorize crackers (hackers are people that write code, why is the terminology so often messed-up?) but in all honesty the vast majority of them aren't motivated by maliciousness so much as a desire to see if it can be done.
You mean the same sort of deliquent attitude that leads them to `tagging' public transport and `decorating' otherwise flat, empty croncrete walls ? What about shop lifting ? Maybe I should get curious about murdering someone, try it out, just to see if I can get away with it. A crime is a crime, no matter which way you try to look at it and teaching people the skills should also be frowned upon. In something that recent legislation here in Australia brought up, it's against the law to publish a book which is instructional on committing a crime. The Internet has changed all that with instructional pages on just about everything under the sun available. I don't know if it's the same elsewhere with books, but condoning the disemination of knowledge about how to break the law seems somehow flawed. Darren
Current thread:
- Re: Extreme Hacking, (continued)
- Re: Extreme Hacking Bennett Todd (Jul 12)
- Re: Extreme Hacking Marcus J. Ranum (Jul 12)
- Re: Extreme Hacking Bennett Todd (Jul 12)
- Re: Extreme Hacking Vanja Hrustic (Jul 06)
- Re: Extreme Hacking Dick Brooks (Jul 06)
- Re: Extreme Hacking Jody C. Patilla (Jul 07)
- Re: Extreme Hacking ark (Jul 06)
- Re: Extreme Hacking Ryan Russell (Jul 06)
- Re: Extreme Hacking Rafi Sadowsky (Jul 09)
- Re: Extreme Hacking Darren Reed (Jul 12)
- Re: Extreme Hacking Rafi Sadowsky (Jul 09)
- RE: Extreme Hacking sean . kelly (Jul 06)
- Re: Extreme Hacking Darren Reed (Jul 08)
- Re: Extreme Hacking Brad J Passwaters (Jul 12)
- Re: Extreme Hacking Darren Reed (Jul 12)
- Re: Extreme Hacking Brad J Passwaters (Jul 12)
- Re: Extreme Hacking Bennett Todd (Jul 13)
- Re: Extreme Hacking Darren Reed (Jul 08)
- Re: Extreme Hacking Tommy Ward (Jul 12)
- Re: Extreme Hacking dreamwvr (Jul 12)
- Re: Extreme Hacking James Burns (Jul 12)
- RE: Extreme Hacking George Jones (Jul 12)
- Message not available
- RE: Extreme Hacking Jody C. Patilla (Jul 12)