Firewall Wizards mailing list archives
Re: concerning ~el8 / project mayhem
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Sat, 17 Aug 2002 21:44:48 -0400
Paul D. Robertson wrote:
> > in the past. If you're a true white hat, you're not replete with hacking technique and you're not the kind of guy who can whip out a tool to crack into any website any time, or whatever.
>
> Unfortunately, I'm not sure I totally agree with this premise- I think I could sit and find and code exploits on my test network if I had the time.
That's not hacking technique, that's commonsense engineering. I should have been more clear in my terminology: I meant that you don't need to run around with a big encrypted CDROM full of your toolz to be a security guru. You need to understand the forms and functions of categories of attacks so you can defend against them or design around them as _categories_ - having specific knowledge (or toolz) to break specific versions of software on specific architectures - that's just lame script-kid stuff. And there are a lot of "security analysts" whose level of expertise is more in the script kiddy vein than not. Perhaps we should call them "Scanner-kiddies" ? ;)
> I most certainly could run the kiddie tools, and let's face it, there isn't really all that much to "hacking technique" until you start to get into really sophisticated stuff- finding overflows and races is certainly doable if you're completely clean- you just have to do it on your own stuff.
You're talking about real analytics, there. Applying and customizing knowledge. That _is_ what security is about. That's how to do it right. Collecting the kiddie toolz is book-keeping. Writing the toolz is just an exercise in patience.
> I think the biggest trouble with the current scenario is that many, many customers don't understand that you don't *need* the attack tools to mount an effective defense, nor to tell what's wrong with the current one. I think even vulnerability scanners are mostly a waste of time.
Yup. In order to "do it right" you have to first overcome a level of induced ignorance (or would "disinformation" be a better term?) before you can begin to really educate customers. That's lame. It's part of the price we've all had to pay because hacking has been promoted as cool and sexy while merely writing bulletproof code is uninteresting dull rote work.

mjr.
---
Marcus J. Ranum - Computer and communications Security Expertise
mjr () ranum com (http://www.ranum.com)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards