Vulnerability Development mailing list archives

Re: Cons and Security Validation


From: "Robert G. Ferrell" <root () rgfsparc cr usgs gov>
Date: Wed, 7 Feb 2001 11:45:45 -0600

We'd love to hear suggestions from the community, especially this community.
BB's suggestion of hack.immunix.com is a good one, but I'm not sure how much
it differs from the usual hack-me contest.  How do other people feel about
that?

I expect if you just announce to the planet that this is an "unhackable"
box, you'll get all the action you can handle.  Formal hacking contests largely
attract kids with ego problems, or those who simply want the reward. Serious
crackers avoid them like the plague, for the most part.
An implicit challenge like a self-proclaimed perfectly secure system
will attract a somewhat more sophisticated breed of assailant, IMO.

Regardless of the circumstances, all that you can logically derive from
the outcome is that your system is or is not secure against a
certain finite set of attacks carried out using a particular
finite set of methodologies.  You can't logically
claim to be secure from attacks that didn't happen.

Cheers,

RGF

Robert G. Ferrell, CISSP
========================================
 Who goeth without humor goeth unarmed.
========================================

