Firewall Wizards mailing list archives

Re: Recent Attacks


From: Claudio Telmon <claudio () telmon org>
Date: Wed, 23 Feb 2000 19:47:42 +0100

"Marcus J. Ranum" wrote:

Darren Reed writes:
So are you suggesting that perhaps it is time software such as ISS, etc,
to not only be made available with strict controls over which targets
they can be used against (article about this went to bugtraq some time
ago) but also be required for those buying the product/license keys
in order to undertake such work ?  I think this is almost inevitable.

So do I. Indeed, I think that it may boil down to some kind of
professional certification being necessary. There are analogs
to this - locksmithing certification, federal firearms license, etc.
That's part of what I meant about how that grey area is going to
get real thin, soon.


I don't understand. So I need to be "certified" to write a tool like
ISS. And if I write a single exploit? It's hard to make a difference
when talking about laws. So only some "professionals" could publish
exploits, while hackers would continue to write them. This means that
"full disclosure" would die, but exploits would survive. As you know,
many companies denied the existence of vulnerabilities, even when
published, until an exploit was published too. Do you think that those
few "certified" companies and professionals would work against
Microsoft's interest just to add or publish vulnerabilities that nobody
cares about because Microsoft says they don't exist? IMHO this is
straight Security Through Obscurity. Easy-to-use hacker tools are the
price we must pay for better overall security. Nobody said "we need a
certification" when somebody was hacked because of an old sendmail; just
said "update your server". So let's find a solution to DDOS, and a lot
of other problems, that is really a solution (or part of it). Like
removing ISPs from BGP if they don't use ingress filtering, without
asking them about performance problems. We are trying to deal with spam
without law enforcement: black lists and Acceptable Use Policies. IMHO
DDOS are not worse.

ciao

- Claudio

-- 
Claudio Telmon
claudio () telmon org
http://www.telmon.org


