Interesting People mailing list archives
So lets see how far one wants to go in informing the public of a problem
From: David Farber <dave () farber net>
Date: Tue, 31 Oct 2006 10:25:58 -0500
I am getting tired of the statement -- he did us a favor by publicizing it. The favor one can do is to find a reasonable cure. What would be your reactions if some person demonstrated the vulnerability of the internet by crashing it, the serious impact of viruses on Windows; the serious weakness of our port security by actually smuggling in a WMD? Mature researchers don't do this, they talk to the public, newspapers etc.
The statement that the Government should hire the person is just one more indication that the Hill does not understand technology at all. Maybe there should be a special GSA rating for virus creators etc.
Dave

Begin forwarded message:

From: Richard Forno <rforno () infowarrior org>
Date: October 31, 2006 10:11:20 AM EST
To: Dave Farber <dave () farber net>
Subject: Re: [IP] more on Web Site Lets Anyone Create Fake Boarding Passes

I think the question really comes down to the emperor being peeved that the public was told he had no clothes by someone "outside the system."

While the outcome may be the same, I think there's a different sense of "anger" when you present such a finding (or demo, even) in a conference or semi-restricted venue as opposed to just making it available to EVERYONE on the net. And, of course, saying the same thing sans an "OMG it works!" demo on Capitol Hill seems to be perfectly acceptable. Hypocritical, yes.

Security-wise, this is nothing more than a public secret blown horribly out of proportion. I've been on many airport lines where folks asked the same thing that this student does, and questioning the utility/real security benefit presented. Just because it was publicized on the Internet doesn't mean aviation security is undermined -- if Joe Sixpack notices and discusses something, it's a good bet that Billy BadGuy probably does, too. And given how the travelling public is treated these days, they notice LOTS of little things standing on endless lines and/or having to scrutinize all kinds of shifting - and often nonsensical - security restrictions.

Frankly I think the greater problem isn't the actual "demonstration" but rather the uninformed, emotional knee-jerk reaction made by folks in Washington whose first reaction is to accuse/punish the messenger whilst concurrently running around waving their hands about how the sky is falling because someone clearly showed what many in the travelling public have witnessed and question for years. While emotions run high on vulnerability disclosure, I'd posit such is a useful demonstration of civic participation in an attempt to implement REAL security and hold those charged with it accountable for failing their tasks.

The emperor doesn't like accountability. Or being told he's naked.

-rick
Infowarrior.org

On 10/31/06 9:44 AM, "David Farber" <dave () farber net> wrote:
When will our Senators understand ANYTHING

Begin forwarded message:

From: Jim Huggins <jhuggins () kettering edu>
Date: October 30, 2006 9:04:22 PM EST
To: David Farber <dave () farber net>
Cc: Ip ip <ip () v2 listbox com>
Subject: Re: more on Web Site Lets Anyone Create Fake Boarding Passes

On Sun, 29 Oct 2006, David Farber wrote (in part):

I do seriously question the ethics and maturity of someone who demonstrates what is well understood just for the sake of it all.

I guess I'm not convinced that the boarding-pass loophole is actually well understood ... at least, by those with the authority to change things.

As evidence, I cite the reaction of Congressman Edward Markey (D-Mass), member of the House Homeland Security committee, who, after news of the website became widely known, called for the creator of the website to be arrested:

http://www.wired.com/news/technology/0,72023-0.html

And then, once it was explained to him that the creator only took a previously-known attack and made it easier, called on the government to *HIRE* him instead:

http://blog.wired.com/27bstroke6/2006/10/congressman_res.html

So, is the guy a criminal or a hero? If Congress can't figure it out, I'm not convinced they understand the underlying problems ...