Re: Security Industry Under Scrutiny #4

["sockz loves you" <sockz () email com>]

> They're already skilled at developing their own tools for "killing", and
> they already "kill" for various reasons, whether it be personal gain,
> organisational gain (ie a hacking group), or conceivably for the gain of
> a foreign, enemy power.  To continue your comparison between wannabe
> hackers and amateur killers, the blackhats, therefore, are the
> professional hitmen.  The real contract killers.  The Jackal, perhaps.

oh please, and you think that telling everyone about some new xml exploit
is going to stop people like that?  face it, buster, there is no way to stop
professional hackers.  but the crucial differences are:

a) they generally spend less time looking for exploits and are fewer in
   numbers than whitehats.  thus, pose less of a threat to security than
   the amount of information put out by the security industry to the
   general public.

b) these people dont share their exploit information.  reducing the likelihood
   of an attack to some random system.  essentially it is safer.

c) if the security were so great at doing its job then why do these people
   still exist in society?  as it stands, current practices seem as though
   the result would be more professional hackers because more people are being
   informed about how to hack shit.  sure there is a big leap between reading
   something liek nomads faq and being paid to hack shit for some terrorist
   organisation, but given that the audience is so large, that percentage
   chance is still a higher number.

********************************************************************************
but, the issue here is not that professional's liability but rather corporate
responisbility in the kind of information it releases.
********************************************************************************

> Which do you think an open, democratic society would see as the greater
> threat?

the threat that wants to see the general public turned into criminals, thus
degrading society and making crime more common.  crime is bad for society,
remember?
 
> The threat of a vast number of people capable of "falling off the
> cliff" and killing other random citizens that don't have protection
> details etc.

heh i like it how you extended this analogy to have the hacker falling on ppl
to kill them.  its cute, i love it :D
 
> Or the threat of a select few that understand defensive tactics, walking
> formations, successive layers of security, what security surveys are
> likely to find, and are capable of assassinating the head of state?

there is a difference between self defence and offense.  i have nothing against
self defence, i think its a basic human reaction.  but to maliciously attack
another human (or their computer) is illegal.  and we have to stop treating
hacking as though its acceptable in society.  that its okay for people to
read through advisories and then use that information to compromise a system.
its not right.  and non-disclosure is one of the more effective ways to stop it.
 
> You'll find your answer to this question in the degree to which
> organisations such as the FBI take threats against the President so
> seriously.  They know they can protect against most random nutballs with
> an ounce of information and proper preparedness.  They don't know they can
> protect against an individuals with skill, determination and the proper
> equipment.

sorry but you're wrong.  i dont find my answer here.  all i see is that in your
analogy the FBI can be called the "security industry" but where the FBI releases
information to the public (maybe through a newspaper or tv) on how to
assassinate presidents.
 
> I <3 U 2

!!!
2 b4d w3 c4n n3v3r b 2g3th3r bcuzz u r a wh1t3h4t & 3y3 h8 u :(
-- 
_______________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

Meet Singles
http://corp.mail.com/lavalife

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html