Full Disclosure mailing list archives
Re: USDOJ BRAINWASHING TECHNIQUES
From: Darren Reed <avalon () caligula anu edu au>
Date: Wed, 11 Jun 2003 12:05:07 +1000 (Australia/ACT)
In some mail from KF, sie said:
The fact is it we need to take measures that help children understand hacking. This is hardly an issue of brain- washing. It is an issue of survival as a society. The more we help children understand about malicious hacking, the less likely they will perform these acts later in life. That only benefits society on a universal scale.Imagine if they would have done something like that with future <insert company name here> coders... Impress into their brains to not code security holes in to <web server xyz> in the first place. > Imagine if someone could have swayed the group of "hackers" > that destroyed a laboratory's long-term cancer research by > teaching them the necessity of universal survival as children. How about if they swayed the admin (as a child) to just patch his box up... Don't get me wrong...I will agree that educating children to not hack *could* cut down on attacks however it does nothing to stop the vulnerabilities that exist in soooooo many products. Time would be better spent educating the kids about how vulnerabilities are caused and what they could do to help prevent the issues to begin with. Teach these kids to not use strcpy into a fixed buffer or something.
The nature of this discussion is disturbing and you've mixed up a number of completely different problems into the one paragraph, as if they were somehow an excuse to not promote hacking as bad. Furthermore you have trivialised a number of points that are serious issues for the IT industry, as a whole. 1. Hacking *IS* bad and if children for some reason think it is cool then they need to be educated so that they understand it is NOT. There is no two ways about it. At the small end of the scale, I don't even view unauthorised port scanning as morally acceptable (even if the courts don't find it illegal), never mind actually breaking into one. It is an invasion of privacy, no two ways about it. The presence of software bugs is not an excuse to exploit them. 2. Secure progamming is something that needs to be taught at a level that is appropriate and that is definately not primary school or maybe even grade school. The problem is children who think they can program teach themselves bad habits and these bad habits do not get corrected later as they go on to become professional programmers. Regardless of talent, you should not be allowed to develop commercial applications as a programmer unless you have been properly schooled and thereafter stay current. That aside, security bugs can be much more than just a buffer overflow. What is really being said here is that software is not tested/evaluated to a high enough standard before being sold/shipped - this includes open source products. 3. In my eye, it is glaringly obvious that we (the royal we) do not yet have a sound foundation for what makes up good system administration practice. In part the problem here is that people are encouraged to believe just anyone can do it or, rather, that just anyone is expected to do it (e.g Microsoft Windows 2000 and later for "home".) Just to leave you with an end teaser, consider what it would mean if software sold could not disclaim fitness for purpose. Darren _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- USDOJ BRAINWASHING TECHNIQUES morning_wood (Jun 10)
- <Possible follow-ups>
- RE: USDOJ BRAINWASHING TECHNIQUES David Vincent (Jun 10)
- Re: USDOJ BRAINWASHING TECHNIQUES northern snowfall (Jun 10)
- Re: USDOJ BRAINWASHING TECHNIQUES morning_wood (Jun 10)
- Re: USDOJ BRAINWASHING TECHNIQUES KF (Jun 10)
- Re: USDOJ BRAINWASHING TECHNIQUES northern snowfall (Jun 10)
- Re: USDOJ BRAINWASHING TECHNIQUES Darren Reed (Jun 10)
- Re: USDOJ BRAINWASHING TECHNIQUES noconflic (Jun 12)
- Re: USDOJ BRAINWASHING TECHNIQUES northern snowfall (Jun 10)
- Re: USDOJ BRAINWASHING TECHNIQUES martin f krafft (Jun 11)
- Re: Re: USDOJ BRAINWASHING TECHNIQUES Shawn McMahon (Jun 11)
- Re: USDOJ BRAINWASHING TECHNIQUES martin f krafft (Jun 11)
- Re: USDOJ BRAINWASHING TECHNIQUES Darren Reed (Jun 10)