Firewall Wizards mailing list archives

Re: Recent Attacks


From: "Philip J. Koenig" <pjklist () ekahuna com>
Date: Wed, 23 Feb 2000 01:53:42 -0800

On 20 Feb 00, at 16:47, Darren Reed boldly uttered: 

In some email I received from Marcus J. Ranum, sie wrote:
[...]
         There's always going to be a grey area in which legitimate
tools can be abused. This almost exactly aligns with the gun debate -
a long and tedious debate that I suggest we avoid in this list - but
similarly to the gun debate, society at large (legally and through
social pressure) defines what are "appropriate" tools and their
appropriate uses. It is not appropriate for me to own heavy
antitank weaponry; it is appropriate for me to own properly licensed
hunting and target weapons. It is not appropriate for me to use those
irresponsibly; it is appropriate for me to use them legally and
carefully at a supervised range. If, for a second I cross the line into
irresponsible use or inappropriate action, by threatening, endangering,
or even merely making someone uncomfortable, I have exited the
grey area and entered into the wrong. This is a black and white
issue, and police, judges, and juries, are quite capable of
dealing with it. So it is with hackers.

So are you suggesting that perhaps it is time software such as ISS, etc,
to not only be made available with strict controls over which targets
they can be used against (article about this went to bugtraq some time
ago) but also be required for those buying the product/license keys
in order to undertake such work?  I think this is almost inevitable.
I can't see why professionals would object to this - every `respectable'
profession has some sort of official "badging" which is required before
you practice in it.


That's all well and good in the old-time traditional, physical,
geographical, political world of "meatspace", but I'm afraid 
the model fails horribly in cyberspace.

It seems to me that the likelihood of enforcing such a "global
standard for information security practitioners" is almost nil.

You could do that within a single political entity (i.e. the US,
or maybe even North America) but the troublemakers and fringe-
sitters would end up making their bases offshore. (like various
other deprecated 'net entities seem to have already done)

(See how far you get trying to enforce copyright laws in China
and Russia for just one example)



Phil