Information Security News mailing list archives

Re: Oracle Chief Challenges Hackers


From: InfoSec News <isn () c4i org>
Date: Wed, 21 Nov 2001 04:25:30 -0600 (CST)

Forwarded from: "Michael J. Reeves, AA, ASc" <mjreeves () 2xtreme net>

I find the comments made by J. D. Dyson interesting. I recognize he is
one of the more knowledgeable and visible persons of this forum.
However, I cannot totally agree with his views in this matter.

Having studied the history of cryptanalysis, it is apparent that most
cryptanalysis is supported by the government. Secondly, though the
URL link is highly critical of contests, it does not offer many
concrete facts to support the position of the writer.
        
For example, the contest mentioned, and the alleged fact that the
algorithm was broken by various means. Nowhere is it indicated whether
the TEXT was in fact RECOVERED???
        
Fact: IF you have NOT recovered the text, you have NOT broken the
code.
        
Fact: Babbage was an academic who worked for the government. So are
many other academics.
        
In the present instance, the game is to break into/through a security
system on a computer network. For a lot of hackers who take this as a
PERSONAL affront to their skills, they will increase their attacks on
the system.
        
This will of course generate a great deal of information for the
developer/publisher of the software in question. It should be obvious
that the developer will use this information to enhance and fix
security breaches in their program.
        
ALL FOR FREE!!! THANK YOU VERY MUCH FOR YOUR EGOTISTICAL
COOPERATION!!! LOW SELF-ESTEEM is SO-OO manipulatable!!!
        
IF I was going to play the role of a "BLACK HAT HACKER" (IF!!!), I
would keep my mouth shut, and WAIT until the software has been
disseminated into the network system. I would attack the USER's
system, and leave the developer alone. THIS is the strategy that HURTS
the developer's credibility!!!

IF the developer wants to test their system through a contest, let
them put up some SERIOUS money. Consider they are attempting to hire
for FREE the combined skills of numerous hackers of various abilities
that may total hundreds of hacking experience years.
        
An appropriate amount of money would be several ANNUAL salaries that
could be shared among those who successfully breach the system.
Consider this a CONSULTING FEE for contributing to the further
development of the security features!!!

IMHO...

MJR



InfoSec News wrote:
 
Forwarded from: Jay D. Dyson <jdyson () treachery net>

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 15 Nov 2001, InfoSec News wrote:
<SNIP>

        If stupidity is dangerous, then Mr. Ellison's statement is
accurate.

        For clear and concise refutation on why the challenge is bogus, I
need only point to Bruce Schneier's December 1998 remarks on the matter:

        http://www.counterpane.com/crypto-gram-9812.html#contests

        Mr. Ellison would do well to read it and recognize his folly.

        And for the record, nothing, but *nothing* is perpetually secure.
Time is the greatest reducer of perceived absolutes.  And when (not if)
the time comes when Oracle is breached, I will personally laugh...

        ...and point.

- -Jay
<SNIP>

-- 
Michael J. Reeves, AA, ASc
MJR Consulting Services
4231 Watrous Avenue
Sacramento, California 95842

Voice: (916) 344-7834
FAX: (916) 349-1849 By Appointment
E-Mail: mjreeves () 2xtreme net
---------------------------------------------------------
REMEMBER: Artificial Intelligence beats real Stupidity!!!

Failure, the FIRST step toward SUCCESS!!!

I have no SPAM. I don't give a SPAM.
I take no SPAM from anyone. I am NOT in the SPAM business!!!

There are NO OBSTACLES, only CHALLENGES to CONQUER...

NO PARADOXES, only ILLUSIONS...

Rule #1: Murphy's Law: Shit Happens!!!
Rule #2: YOU CAN'T CHANGE RULE #1!!!

Murphy's Law of Statistics: You will never get the minimum sample size
desired no matter how large a group you select from.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

